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AU/AFF/NNN/2009-04 


Abstract 

Over  the  last  decade,  cyberspace  proponents  within  the  Air  Force  have  articulated  their 
mission  area’s  vision,  developed  warfighting  doctrine,  and  organized  units  at  the  wing-level  and 
below  for  network  warfare  operations.  Airmen  have  been  trained,  forces  for  network  warfare 
operations  have  been  fielded,  and  professionalization  programs  have  been  proposed. 
Additionally,  senior  leadership  has  made  final  decisions  regarding  the  organization  of  Air  Force 
cyberspace  capabilities  within  a  numbered  air  force  and  the  presentation  of  those  forces  to  the 
joint  warfighting  community  through  a  major  command. 

The  Air  Force  has  clearly  moved  forward  in  achieving  its  recently  modified  mission 
statement  to  fly  and  fight  in  cyberspace.  It  has  satisfied  key  components  of  the  DOTMLFP 
construct  (doctrine,  organization,  training,  materiel,  leadership,  facilities  and  personnel) 
necessary  to  field  and  sustain  a  mission  area  and  its  component  warfighting  capabilities.  Based 
on  the  levels  of  development  and  investment  in  complementary  mission  areas,  it  can  be 
presumed  that  similar  efforts  must  have  been  made  and  advances  realized  in  fielding  materiel 
capabilities  for  cyberspace.  It  can  also  be  presumed  that  these  capabilities  were  largely 
developed  within  the  framework  of  existing  Department  of  Defense  and  Service-specific 
processes  to  develop  more  traditional  warfighting  systems,  although  perhaps  compartmentalized. 

These  corporate  processes  have  been  broadly  criticized  for  their  growing  inability  to  provide 
traditional  warfighting  capabilities  on  schedule  and  within  budget,  while  also  satisfying  threshold 
operational  requirements.  These  delivery  delays,  cost  overruns  and  requirement  shortfalls  occur 
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in  the  development  programs  of  eaeh  Serviee,  in  programs  developed  for  each  operational 
medium  (air,  space,  ground  and  maritime),  and  are  independent  of  the  prime  defense  contractor 
or  magnitude  of  program  investment.  This  suggests  ingrained  challenges  underlying  corporate 
processes  and  bureaucratic  oversight  means,  as  well  as  the  organizational  culture. 

One  can  anticipate  that  similar  cost,  schedule  and  requirements  satisfaction  issues  would 
arise  in  network  warfare  programs  employing  the  same  mechanisms  for  traditional  weapon 
systems  procurement.  However,  the  adverse  consequences  of  the  current  corporate  processes 
would  be  amplified  if  they  were  fully  applied  to  cyberspace  acquisition  programs. 

The  nature  of  network  warfare  operations  and  the  more  rapid  technology  change  within  the 
cyberspace  domain  places  an  increasing  value  on  rapid  capability  delivery.  Developed 
capabilities  may  have  a  limited  lifespan  of  operational  effectiveness,  perhaps  on  the  order  of 
days,  weeks  and  months;  therefore,  any  process  delay  in  providing  cyberspace  capabilities  may 
make  the  delivered  system  obsolete  by  its  delivery.  Applying  traditional  requirements,  resource 
and  acquisition  processes  to  the  development  of  network  warfare  capabilities  will  ensure  the  Air 
Force  has  less-than-capable  systems. 

This  paper  reviews  the  sufficiency  of  current  corporate  processes  to  field  network  warfare 
capabilities,  and  how  those  processes  may  prove  incompatible  with  the  nature  of  cyberspace 
conflict  and  its  technological  domain.  Through  interviews  with  senior  policy  makers, 
operational  commanders,  resource  functional  managers,  acquisition  professionals  and  private 
sector  innovators,  the  author  identifies  obstacles  to  rapidly  fielding  network  warfare  capabilities 
within  current  Department  of  Defense  corporate  processes.  Additionally,  the  author  identifies 
potential  solutions  to  these  challenges  by  identifying  suggestions  and  recommendations  made  by 
those  interviewed. 


8 


Chapter  1 


The  Cyberspace  Domain 


As  weapons  increase  in  lethality,  precision  and  standojf,  intercepting  any  hostile 
platform  early  in  its  flight  is  increasingly  important. 

—  General  Ronald  R.  Fogleman,  16*  Chief  of  Staff,  United  States  Air  Foree 


When  the  Air  Foree  added  eyberspaee  to  its  mission  statement  in  2005,  it  defined  a  new 
domain  for  Serviee  operations.'  The  eyber  domain  joined  those  of  air  and  spaee,  the  traditional 
Air  Force  operating  environments.  The  Air  Force  has  now  established  plans  to  form  a 
cyberspace-focused,  24*  Air  Force  within  Air  Force  Space  Command,  and  is  developing  its 
network  warfare  capabilities  to  enable  joint  operations. 

Additionally,  the  Air  Force  has  established  a  functional  management  office  within  the  Air 
Staff,  has  created  a  formal  schoolhouse  and  force  training  pipeline,  and  is  designating  a  new  Air 
Force  specialty  code  for  the  information  operations  career  field.  In  developing  a  viable 
warfighting  capability,  the  Air  Force  is  clearly  investing  resources  towards  the  organization  and 
training  of  cyberspace  forces. 


*  Air  Force  Link,  “Air  Force  Releases  New  Mission  Statement,”  http://www.af.mil/news/story.asp?id=123013440 

(accessed  10  December  2008). 

2 

Headquarters  United  States  Air  Force  Program  Action  Directive  07-08,  “Phase  I  of  the  Implementation  of  the 
Secretary  of  the  Air  Force  Direction  to  Organize  Air  Force  Cyberspace  Forces,”  20  February  2009. 

^  Air  Force  Cyber  Command,  “New  Cyberspace  Career  Fields,  Training  Paths,  Badge  Proposed,” 
http://www.afcyber.af  mil/news/story.asp?id=123 104963  (accessed  15  Dec  2008). 
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As  aerospace  capabilities  were  developed  previously  and  then  further  advanced  over  time, 
the  new  cyberspace  community  will  similarly  work  towards  defining  its  warfighting  potential 
and  desired  mission  capabilities.  It  will  satisfy  these  mission  area  objectives  through  the 
DOTMLFP  (doctrine,  organization,  training,  materiel,  leadership,  facilities  and  personnel) 
construct.  Just  as  the  other  aerospace  operations  and  capabilities  evolved  through  this  process, 
so  too  will  those  within  the  cyberspace  arena.  It  should  be  expected  that  a  military  leadership 
culture  would  apply  well  known  and  previously  applied  techniques  to  a  new  challenge, 
particularly  one  as  daunting  as  establishing  a  new  warfighting  domain  for  its  Service. 

Cyberspace  operations,  although  new  and  developing  in  its  operational  concepts,  does  share 
common  elements  with  air  and  space  operations,  namely  global  reach  and  global  strike. 
Similarly,  cyberspace  operations  would  strive  to  achieve  combat  advantage  over  adversaries 
through  effects-based  objectives,  stealthy  approach  and  precision  engagement.  Senior  decision 
makers  within  the  Department  of  the  Air  Force  have  made  use  of  these  commonalities  in  helping 
develop,  shape  and  communicate  their  vision  for  future  cyberspace  operations. 

It  is  understandable  that  they  do  so,  as  it  enables  Airmen  to  map  their  understanding  of  other 
known  elements  of  aerospace  capabilities  to  the  new  and  lesser  known  realm  of  cyberspace 
operations.  Even  such  challenges  as  force  organization  and  presentation  of  cyber-focused  forces 
can  be  made  less  daunting  by  relying  on  the  experiences  and  lessons  learned  from  the  Air 
Force’s  more  traditional  air  and  space  missions. 

The  cyberspace  domain  and  the  network  warfare  operations  conducted  within  it,  however, 
may  prove  to  be  so  unique  that  past  leadership  approaches,  processes  and  mindsets  might  not  be 
so  easily  applied.  Particularly  in  the  area  of  materiel  development,  the  operational  requirements 
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of  network  warfare  systems  may  be  so  different  that  the  broad  applieation  of  eurrent  proeesses 
may  aetually  hinder  the  rapid  delivery  of  relevant  eapabilities.  Applying  what  may  be 
recognized  as  tried  and  tested  resource  management  processes  to  the  development  of  cyberspace 
systems  might  lead  to  operational  shortfalls. 

Clearly,  there  are  benefits  in  following  known  methods  in  organizing  the  cyberspace  mission 
and  its  capabilities;  however,  the  cyber  domain  is  sufficiently  different  from  more  physical-based 
domains  to  suggest  there  are  limits  to  imposing  traditional  business  practices  on  it.  The  defining 
characteristics  of  cyberspace,  its  operating  environment  and  its  technology-enabled  capabilities 
are  such  that  the  inefficiencies  of  traditional  corporate  management  actions  are  amplified  when 
applied  to  the  cyber  domain.  The  unintended  consequences  of  such  broad  process  templating 
may  very  well  prevent  cyberspace  forces  from  fulfilling  the  Air  Force’s  vision  for  their  future 
operational  effectiveness. 

The  examination  of  these  corporate  processes  and  their  unintended  effects  on  network 
warfare  systems  development  will  be  reviewed  in  this  paper,  as  well  as  consideration  of  potential 
alternatives  as  proposed  by  senior  leaders  and  subject  matter  experts  within  the  cyberspace 
community.  Before  the  potential  problems  can  be  identified  and  alternatives  proposed,  however, 
a  quick  orientation  to  the  cyberspace  domain  and  network  warfare  operations  is  necessary.  Its 
doctrinal  components,  mission  area  objectives,  potential  mission  sets  and  network  warfare 
systems  must  be  mentioned,  with  particular  consideration  of  the  technological  influence  on  its 
potential  success. 
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Network  Warfare  Doctrine 


Although  there  are  slight  differenees  in  terminology,  joint  and  Air  Foree  doetrine  agree  in 
eoneept  regarding  the  nature  and  eomponents  of  network  warfare.  The  joint  doetrinal 
publieation  defines  these  as: 


Computer  Network  Operations:  eomprised  of  eomputer  network  attaek,  eomputer 
network  defense,  and  related  eomputer  network  exploitation  enabling  operations. 

Computer  Network  Attaek:  aetions  taken  through  the  use  of  eomputer  networks  to 
disrupt,  deny,  degrade,  or  destroy  information  resident  in  eomputers  and  eomputer 
networks,  or  the  eomputers  and  networks  themselves. 

Computer  Network  Defense:  aetions  taken  through  the  use  of  eomputer  networks  to 
proteet,  monitor,  analyze,  deteet  and  respond  to  unauthorized  aetivity  within 
Department  of  Defense  information  systems  and  eomputer  networks. 

Computer  Network  Exploitation:  enabling  operations  and  intelligenee  eolleetion 
eapabilities  eondueted  through  the  use  of  eomputer  networks  to  gather  data  from 
target  or  adversary  automated  information  systems  or  networks."^ 


Likewise,  network  warfare  operations  are  defined  in  Air  Foree  doetrine  as: 

Network  warfare  operations:  integration  of  the  military  eapabilities  of  network 
attaek,  network  defense,  and  network  warfare  support. 

Network  attaek:  employment  of  network-based  eapabilities  to  destroy,  disrupt, 
eorrupt,  or  usurp  information  resident  in  or  transiting  through  networks. 

Network  defense:  employment  of  network-based  eapabilities  to  defend  friendly 
information  resident  in  or  transiting  through  networks  against  adversary  efforts  to 
destroy,  disrupt,  eorrupt,  or  usurp  it. 

Network  warfare  support:  eolleetion  and  produetion  of  network  related  data  for 
immediate  deeisions  involving  network  warfare  operations.  ^ 


Joint  Staff.  Joint  Publication  3-13:  Information  Operations.  Washington  D.C.:  Joint  Publication,  13  February 
2006. 

^  Air  Force  Doctrine  Center.  Air  Force  Doctrine  Document  2-5:  Information  Operations.  Maxwell  AFB,  AL:  Air 
Force  Publications,  11  January  2005. 
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In  reading  these  doetrinal  definitions,  teehnologieal  terms  are  used  frequently  to  deseribe  the 
operating  environment,  the  nature  of  “on-net”  operations,  and  the  elements  to  be  targeted, 
defended  and  exploited.  Whether  the  terminology  used  is  network,  eomputers,  data  or  systems, 
the  underlying  theme  is  teehnology.  It  is  man-made  teehnology  that  defines  the  medium  in 
whieh  eyberspace  operations  oeeur. 

In  eontrast,  other  domains  of  military  eonfiiet  are  defined  by  the  physieal  arena  in  whieh  the 
operations  take  plaee.  The  nature  of  air,  ground,  maritime  and  spaee  operations  may 
inerementally  ehange  as  new  materiel,  taeties  and  training  are  introdueed.  Similarly, 
teehnologieal  advanees  and  innovation  may  enable  new  operational  advantages  in  traditional 
warfighting  domains.  The  underlying  eharaeteristies  of  those  domains  are  unehanging,  however. 
Geography  and  physics  define  and  constrain  air,  ground,  maritime  and  space  operations,  not 
technology. 

“In  no  other  area  is  the  pace  and  extent  of  technological  change  as  great  as  in  the  realm  of 
information,”  said  the  Air  Force’s  strategic  vision  document,  “Global  Engagement:  A  Vision  of 
2E*  Century  Air  Force. Written  in  the  1990s  following  the  early  concept  development  of 
command  and  control  warfare  and  then  information  warfare,  this  statement  is  still  accurate  today. 
If  network  warfare  operations  are  focused  on  technology-intensive  systems  such  as  computers, 
networks  and  automated  information  systems,  then  one  must  consider  how  network  warfare 
systems  will  maintain  technological  pace  as  changes  occur  within  those  targeted  systems. 
Effective  cyberspace  operations  will  be  largely  determined  by  our  ability  to  remain  within 
technological  reach  of  the  networks  we  wish  to  target. 


^  HQ  USAF/XP,  “Global  Engagement:  A  Vision  for  the  2E'  Century,” 

http://www.au.afmiFau/awc/awcgate/globaFcompetencies/information.htm  (accessed  15  January  2009). 
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Mission  Area  Objectives 


Network  warfare  operations  have  the  ultimate  objeetive  of  satisfying  or  enabling  the 
operational  commander’s  warfighting  intent  across  the  spectrum  of  potential  combat  operations. 
Those  objectives  might  be  achieved  in  a  kinetic  combat  engagement,  or  they  may  be  purposeful 
operations  to  shape  an  adversary’s  battlespace  awareness.  How  cyberspace  forces  and  systems 
will  contribute  to  operational  success  is  somewhat  dependent  upon  the  tasks  assigned  to  them. 

An  operational  commander  will  consider  available  combat  systems  and  tactics  to  best 
achieve  his  objective  within  imposed  constraints,  whether  those  be  based  on  political, 
geographic,  resource,  time  or  rules  of  engagement  limitations.  His  courses  of  action  may 
leverage  lethal  and  non-lethal  options,  while  also  exploiting  firepower  and  maneuver  advantages. 
Although  their  applicability  will  differ  in  every  military  scenario,  network  warfare  operations  are 
intended  to  either  enable  other  elements  of  combat  power  or  serve  as  the  primary  means  to  affect 
the  adversary,  while  also  protecting  friendly  force  networks  and  their  information. 

Network  warfare  operations  are  no  different  from  the  more  traditional  combat  arms  in 
seeking  to  manipulate  adversary  behavior.  Military  operations  in  all  domains  seek  to  influence 
the  adversary,  ultimately  with  the  intent  of  forcing  the  adversary  to  yield  to  our  desired  outcome; 
however,  only  operations  within  cyberspace  do  this  solely  by  seeking  to  affect  information  and 
the  systems  on  which  that  information  is  passed. 

Focusing  on  the  attack  element  of  network  warfare  operations,  cyberspace  forces  would 
employ  materiel  capabilities  to  deny,  degrade,  deceive,  disrupt,  destroy  or  otherwise  neutralize 
the  targeted  adversary  information  components.  Those  targeted  elements  may  be  hardware, 
software  or  information-based  in  nature,  and  the  immediate  objective  may  be  to  affect  a  specific 
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network,  a  defined  data  set  or  perhaps  a  seeondary  system  either  eontrolled  or  influeneed  by  the 
initially  targeted  system.  Intelligenee-oriented  operations  would  likewise  seek  to  extraet  and 
exploit  information  resident  on  the  adversary’s  systems  or  moving  within  their  networks.  And 
defensive  operations  would  seek  to  ensure  proteetion  from  sueh  attaeks  eondueted  by  the 
adversary. 

It  must  be  noted  that  other  warfighting  elements,  sueh  as  eleetronie  warfare  and 
psyehologieal  operations,  have  the  ability  of  attacking  the  adversary  through  non-kinetic  means. 
However,  an  important  distinction  arises  when  noting  that  network  warfare  is  the  only  non- 
kinetic  means  to  affect  the  adversary  at  the  information-level.  That  is  to  say,  network  warfare 
systems  have  the  potential  to  maneuver  on  the  adversary’s  network  to  dynamically  shape  his 
orientation  and  affect  future  actions. 

The  desired  effect  of  these  network  operations  is  to  shape  the  adversary’s  orientation  to  the 
battlespace  and  our  operations,  as  well  as  his  future  actions.  The  methods  are  through  the 
destruction  of  data,  manipulation  of  networks  or  deception  of  enemy  combatants.  The  manner  in 
which  these  operations  will  be  executed  may  vary  with  the  type  of  system  targeted  or  the  nature 
of  the  information  within  the  network. 

Combat  operations  within  other  warfighting  domains  also  seek  to  gain  advantage  over  the 
adversary,  with  the  objective  of  gaining  supremacy  or  dominance  over  the  adversary.  Just  as 
Airmen  seek  to  gain  air  dominance  over  hostile  air  forces.  Airman  conducting  network  warfare 
operations  also  seek  to  gain  advantage. 

Information  superiority  enables  our  forces  to  better  understand  events  within  the  battlespace 
at  both  a  qualitative  and  quantitative  advantage,  enabling  leadership  to  more  quickly  exploit 
opportunities  and  recognize  vulnerabilities.  This  information  advantage  enables  a  more  defined 
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knowledge  regarding  adversary  eapabilities  and  aetions,  while  eoneurrently  attempting  to 
minimize  the  adversary’s  understanding  of  friendly  forees.  So  important  is  the  eoneept  of 
information  superiority,  it  is  ineluded  as  one  of  the  Air  Foree’s  six  eore  eompeteneies. 

As  is  the  ease  with  teehnologieal  infrastrueture,  the  paee  is  rapid  in  the  fielding  of  new 
information-based  applieations.  The  initial  appearanee  of  an  applieation  may  be  followed  within 
months  by  a  more  eapable  model  by  the  same  manufaeturer  or  an  entirely  new  offering  may  be 
available  from  a  different  vendor  having  a  different  proprietary  eoneept.  Eaeh  version  of  the 
applieation  may  have  different  performanee  eharaeteristies  and  be  proteeted  by  different  seeurity 
protoeols,  eaeh  with  differing  levels  of  maturity. 

Network  warfare  operations  have  already  been  eharaeterized  by  the  need  to  affeet 
teehnology-intensive  systems,  with  partieular  eonsideration  given  towards  the  paee  in  whieh 
teehnology  may  ehange  within  the  targeted  network.  Now  one  must  also  eonsider  how  quiekly 
applieations  and  seeurity  oeeur  within  the  network.  Effeetive  network  warfare  systems  must  be 
able  to  adapt  quiekly  to  the  ehanging  environment  whieh  they  are  being  tasked  to  affeet. 

Potential  Target  Sets 

Both  Department  of  Defense  and  Air  Eoree  doetrine  doeuments  identify  networks, 
eomputers  and  resident  information  as  potential  targets  of  network  warfare  operations.  That 
these  teehnologieal  elements  might  be  the  foeus  of  an  attaek  or  exploitation,  as  well  as  being 
proteeted  in  defense,  is  elear.  As  diseussed  previously,  keeping  paee  with  the  enabling 
teehnologies  and  information  applieations  will  be  one  ehallenge  to  effeetive  eyberspaee 
operations.  However,  this  rate  of  ehange  is  not  eonstant  aeross  the  adversaries  we  might  faee  in 
eonfliet.  Additionally,  there  are  varying  degrees  of  sophistieation  in  the  information  networks  of 
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potential  adversaries.  One  must  consider  how  cyberspace  capabilities  will  be  developed  that  will 
have  the  breadth  of  utility  and  depth  of  capability  to  achieve  their  desired  effects. 

A  near-peer  competitor  with  a  sophisticated  telecommunications  network  and  developed 
infrastructure  suggests  that  this  might  be  more  challenging  target.  Certainly  the  scope  of 
potential  network  targets  would  be  large,  as  would  be  the  associated  information  applications  and 
data.  But  what  of  the  challenge  posed  by  a  non-state  actor  involved  in  a  transnational  threat 
towards  our  interests? 

A  non-state  actor  such  as  a  terrorist  group  is  not  obligated  to  establish  a  traditional 
telecommunications  network  to  coordinate  its  activities.  Instead,  it  may  exploit  the 
telecommunications  infrastructure  of  its  unwitting  host  country,  employing  civilian  networks, 
personal  communications  devices  and  commercially  available  applications  to  coordinate  its 
actions.  This  suggests  that  network  warfare  capabilities  will  have  requirements  to  affect 
networks,  computers  and  information  on  both  government  and  commercial  networks.  This 
increases  the  level  of  sophistication  required  for  attack  and  exploitation,  as  well  the  breadth  of 
systems  against  which  cyberspace  operations  may  be  directed. 

Further,  it  points  towards  the  need  to  keep  pace  with  technology  development  efforts  in  both 
government  and  commercially-lielded  systems.  In  decades  past  and  prior  to  the  transformation 
of  analog-to-digital  communications,  government  interests  and  large  corporate  investments 
produced  the  grid  on  which  information  was  transferred  and  provided  the  information  systems  in 
which  data  was  used.  Innovators  and  small  start-up  companies  can  now  provide  new  alternatives 
to  networks,  computers  and  information  applications,  often  bundling  them  with  other  capabilities 
for  unanticipated  uses. 
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This  indicates  that  future  eyberspace  eapabilities  will  not  only  have  to  eonsider  oommereial 
networks,  but  also  the  paee  in  whieh  new  teehnology  enters  the  market  plaee.  In  the  example  of 
the  non-state  actor,  he  may  continually  adopt  the  latest  eommereially  available  systems, 
applieations  and  eneryption  to  eoordinate  his  group’s  efforts,  posing  a  moving  target  in  the 
cyberspace  domain  and  beeoming  inereasingly  more  difficult  to  affect.  Not  only  will  cyberspace 
operations  require  maneuverability  on  both  government  and  eommereial  networks,  but  they  must 
also  eonsider  the  potential  of  pop-up  technologieal  ehallenges  posed  by  commereially-available 
systems  and  applieations. 

The  methods  and  means  to  a  sueeessful  network  attack  or  exploitation  must  also  consider 
the  purpose  and  sophistieation  of  the  targeted  network.  Military  networks  and  senior-level  nodes 
may  prove  the  most  diffieult,  with  varying  levels  of  security  and  encryption.  But  what  of  civilian 
networks  on  whieh  targeted  systems  may  operate?  Is  the  operational  eommander’s  intent  to 
disrupt  the  eleetrie  grid  or  transportation  network?  Perhaps  he  wishes  to  affeet  only  eertain 
regions  of  the  battlespaee  while  omitting  others  from  the  attaek.  How  might  network  operations 
be  eondueted  against  a  hardened  or  deeply  buried  target? 

The  intent  here  is  not  to  show  how  diffieult  network  warfare  might  be,  but  rather  to 
emphasize  the  breadth  of  targets  and  different  networks  which  cyberspace  forees  might  be 
direeted  to  affeet.  Certainly  there  is  a  limit  to  network  warfare’s  operational  reaeh;  however,  the 
above  situations  eould  all  be  worthwhile  operational  requirements  of  a  network  warfare  platform. 
This  suggests  that  the  breadth  and  unique  nature  of  the  potential  operational  tasks  will  require 
some  level  of  adaptable  systems  to  target  new  and  emergent  targets,  as  required  by  the 
operational  eommander. 
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Network  Warfare  Systems 


The  Air  Force  efforts  to  establish  command  and  control  structures,  as  well  as  identify  force 
development  needs,  provide  the  framework  for  the  Service’s  future  network  warfare  potential; 
however,  it  is  the  procurement  and  employment  of  operationally-relevant  materiel  capabilities 
which  will  provide  the  substance  of  the  mission  area’s  warfighting  utility.  As  the  Air  Force 
implements  its  plans  to  establish  a  cyberspace  mission  area,  it  must  also  invest  resources  to 
develop,  acquire  and  field  cyberspace  capabilities.  These  network  warfare  systems  will  enable 
defensive,  offensive  and  intelligence-gathering  missions  within  the  cyber  domain.^ 

Network  warfare  systems,  comprising  both  hardware  and  software  elements,  will  form  the 
materiel  component  of  these  cyberspace-domain  capabilities.  These  are  not  new  concepts  to 
military  weapon  systems  development.  Technology-intensive  components  have  been  integrated 
into  traditional  weapon  systems  for  decades.  However,  the  hardware  and  software  requirements 
of  cyberspace  weapons  platforms  will  be  unique,  driven  by  the  defining  characteristics  of  their 
domain  and  most  notably  by  the  pace  of  technology  advances  in  the  targeted  network. 

There  does  not  appear  to  be  a  standard  template  for  how  a  network  warfare  system  will  look, 
operate  or  be  employed.  A  system  will  be  tailored  to  its  specific  cyberspace  mission,  whether 
offensive,  defensive  or  intelligence-focused.  For  those  developed  for  network  attack,  a  critical 
attribute  may  be  stealthy  electronic  access  to  a  single  targeted  network.  Defensive  systems,  in 
comparison,  may  require  broader  integration  into  a  multi-layered,  joint  or  coalition  network 
security  structure.  Intelligence-oriented  network  warfare  efforts  may  rely  on  human 
emplacement  of  devices  to  gather  and  extract  information  from  a  single  targeted  computer. 

’  Joint  Staff.  Joint  Publication  3-13:  Information  Operations.  Washington  D.C.:  Joint  Publication,  13  February 
2006. 
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Clearly,  the  mission  purpose  will  drive  the  form,  fit  and  function  of  the  component 
cyberspace  systems.  There  could  not  be  a  single  system  which  performs  all  network  warfare 
operations  or  a  single  system  to  execute  all  missions  within  one  area.  This  indicates  that 
multiple  platforms  may  exist,  each  tailored  for  its  specific  mission  and  target. 

The  opportunities  presented  by  network  warfare  operations  are  balanced  by  its  challenges. 
Robust  sensor  suites  for  defensive  operations,  stealthy  access  mechanisms  and  tools  for  network 
exploitation,  and  the  precision  employment  requirements  of  offensive  capabilities  must  maintain 
their  effectiveness  in  a  medium  defined  by  frequent,  swift  and  steady  technological  advances,  as 
well  as  innovative  applications  of  that  technology.  Whereas  the  mediums  of  air,  space,  maritime 
and  ground  conflict  are  constrained  by  unchanging  physical  characteristics,  the  cyberspace 
medium  is  continually  evolving  based  on  how  technologies  and  innovations  are  applied. 

This  suggests  that  the  hardware  and  software  components  of  network  warfare  operations 
will  be  continually  evolving  to  maintain  or  secure  freedom  of  action  in  the  cyberspace  domain. 
Defensive  sensors  and  software  packages  will  be  continually  updated  to  address  new  and 
emerging  threats.  Intelligence  gathering  methods  and  applications  will  be  ever  evolving  to 
exploit  both  technological  opportunities  and  adversary  weaknesses.  Offensive  capabilities  will 
demand  constant  modification  to  ensure  they  can  achieve  their  desired  effects  against  adversary 
networks  and  applications  in  constant  flux. 
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Chapter  2 


The  Challenges 


Victory  smiles  upon  those  who  anticipate  the  changes  in  the  character  of  war,  not 
upon  those  who  wait  to  adapt  themselves  after  the  changes  occur. 

Giulio  Douhet,  Italian  general  and  early  air  power  theorist 

If  eyberspaee  operations  are  to  be  sueeessful,  it  will  be  due  to  its  trained  personnel, 
developed  taeties,  teehniques  and  proeedures,  and  eapable  suite  of  network  warfare  systems.  It 
is  the  development  of  these  materiel  eapabilities  whieh  may  well  prove  the  most  diffieult  task,  as 
noted  previously  in  the  diseussion  of  doetrine,  mission  area  objeetives,  potential  target  sets  and 
the  nature  of  network  warfare  systems  themselves.  The  breadth  of  targets,  differing  nature  of 
potential  adversaries,  varying  degrees  of  network  sophistieation  and  need  for  frequent  system 
adaptation  will  all  be  diffieult  to  overeome  in  their  own  regard. 

The  development  of  materiel  solutions  to  address  these  operational  obstaeles  will  be 
partieularly  diffieult.  In  the  best  of  eireumstanees,  maintaining  teehnologieal  reaeh  of  all 
objeetive  target  sets  would  be  a  resouree-intensive  effort.  Compounding  this  are  additional 
ehallenges  in  the  requirements,  resouree  and  aequisition  proeesses  whieh  will  amplify  the 
magnitude  of  an  already  diffieult  objeetive.  These  are  the  breadth  of  teehnologieal  ehange,  the 
paee  of  teehnologieal  innovation  and  the  operators’  demands  for  rapid  eapability  delivery. 
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Breadth  of  Technological  Change 


Network  warfare  operators  will  be  tasked  to  not  only  defend  their  networks,  but  attack  and 
enable  the  exploitation  of  adversary  systems.  These  networks,  both  friendly  and  adversary,  are 
defined  by  the  systems,  links  and  applications  which  are  employed  on  them.  Clearly,  these  are 
technology-intensive  targets  and  it  can  be  assumed  that  an  equally  advanced  technological 
system  would  be  required  to  sufficiently  defend,  attack  or  exploit  it. 

A  key  challenge  to  future  network  warfare  operators  will  be  in  maintaining  their  ability  to 
affect  a  targeted  network  as  that  system  is  upgraded  and  transformed  over  time.  Previously 
designed  systems  to  provide  access  and  affect  the  network  may  become  ineffective  should  those 
vulnerable  areas  be  modified.  To  appreciate  the  breadth  of  technological  change  and  its  potential 
impact  on  offensive  cyberspace  operations,  it  helps  to  consider  a  representative  network  that 
might  be  the  target  of  a  network  warfare  operation. 

In  general,  networks  can  be  described  as  a  system  of  systems,  with  multiple  levels  of 
component  hardware  and  software  within  each.  A  cellular  communications  network,  for 
example,  will  consist  of  mobile  handsets.  They  will  communicate  to  a  fixed  base  station  while 
within  its  radio  line  of  site  and  then  these  handsets  will  be  transferred  to  the  next  nearest  base 
station  within  the  network.  Communications  between  the  mobile  caller  and  the  call  recipient 
will  be  routed  through  the  base  station  and  then  through  some  medium,  either  fiber,  cable  or  via 
radio  frequency,  to  a  central  switching  office.  In  turn,  the  call  will  be  routed  back  to  another 
base  station  within  the  same  network  or  it  will  be  distributed  through  a  public  switching  network 
to  the  intended  recipient. 

This  description  of  personal  communication  systems  through  a  mobile  network,  although 
oversimplified,  is  complex  enough  and  one  can  appreciate  the  technological  challenges 
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associated  with  either  infiltrating  or  attaeking  sueh  a  network.  However,  the  deseription  above 
pales  in  eomparison  to  the  teehnieal  details  omitted.  No  mention  has  been  made  of  potential 
differenees  in  the  numerous  mobile  phone  deviees  available  or  the  enerypted  nature  of  the 
eommunieation.  Nor  has  there  been  discussion  of  the  eomplex  billing  and  routing  software  used 
to  identify  mobile  subseribers  with  aeeess  privileges  to  that  individual  mobile  network,  or  the 
antenna  arrays  used  to  reeeive  and  transmit  data  to  the  mobile  eommunieations  deviee. 
Additionally,  no  mention  is  made  of  the  content  of  the  digital  data  stream,  whether  that  be  audio, 
still  or  moving  imagery,  or  data  for  other  purposes. 

The  scope  of  the  potential  ehallenges  assoeiated  with  technologieal  ehange  ean  be  seen 
when  eonsidering  any  individual  eomponent  of  the  network.  The  mobile  handset  itself  may  have 
a  certain  type  of  seeurity  or  proeessor  that  exeeeds  that  of  its  predeeessors.  The  enerypted 
eommunieations  between  the  personal  eommunieations  deviee  and  the  base  station  tower  might 
be  modified  over  time,  as  might  be  a  different  set  of  seeurity  protoeols  applied  to  the 
eommunieations  links  between  the  base  station  and  the  eentral  switehing  station.  Software  might 
be  upgraded  throughout  the  system,  ranging  from  the  handset  to  the  underlying  eall  set  up 
software  to  the  supporting  network  software 

An  offensive  or  intelligenee-foeused,  network  warfare  effort  may  have  had  some  level  of 
initial  sueeess  in  aeeessing  the  network  when  it  was  in  a  eertain  teehnieal  eonfiguration.  But  ean 
the  same  level  of  aeeess  can  be  assured  when  those  eonfigurations  are  changed?  Upgrades  and 
ehanges  ean  oeeur  on  a  frequent  basis,  with  no  advanee  indieation  of  the  pending  modifieation. 
The  potential  effeet  on  cyberspace  operators  might  be  that  they  now  eannot  penetrate  the  targeted 
network  to  aehieve  their  desired  effects.  The  breadth  of  teehnologieal  ehange,  then,  is  a 
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consideration  that  must  be  made  when  determining  how  network  warfare  systems  will  be 
developed  and  the  proeesses  used  to  guide  that  development. 


Pace  of  Technological  Innovation 

The  eonsequenees  of  widespread  eonfiguration  ehanges  pose  daunting  ehallenges 
themselves.  Compounding  the  seenario  and  making  it  an  even  more  difficult  obstacle  is  the  paee 
at  whieh  these  ehanges  may  oeeur.  A  dedieated  effort  to  maintain  illieit  aeeess  to  a  single 
network  might  be  possible  as  an  individual  eomponent  is  modified,  but  how  well  might  that 
eapability  perform  when  multiple  eomponents  on  the  targeted  network  are  being  upgraded  and 
on  a  frequent  basis?  The  paee  of  technologieal  innovation  may  pose  the  most  serious  ehallenge 
to  network  warfare  operators,  eausing  a  never  ending  eyele  of  teehnologieal  reeonnaissanee  to 
determine  the  as-then  current  make  up  of  the  targeted  network. 

This  paee  of  teehnologieal  ehange  may  vary  with  the  type  of  network.  Government- 
managed  or  military-eontrolled  networks  may  ehange  at  a  slower  paee,  but  the  modifieations 
themselves  may  be  far  more  advaneed  than  what  might  be  seen  in  the  eommereial  seetor. 
Commereially  operated  systems  might  experienee  ehange  at  a  mueh  more  constant  rate,  although 
some  eomponents  within  the  network  may  be  modified  more  frequently  and  at  a  magnitude 
beyond  that  of  other  elements.  Hybrid  systems,  eommereial  systems  that  are  being  used  for 
government  or  military  purposes,  suggest  a  third  eonsideration.  The  end  user  of  a  hybrid  system 
may  drive  performanee  or  seeurity  requirements  that  ean  be  achieved  quickly  due  to  the  influx  of 
government  investment. 
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Users  on  a  potentially  targeted  network  will  drive  the  operational  requirements  of  the 
system;  however,  the  teehnologieal  leaders  responsible  for  its  development  will  identify  the 
solution  and  opportunities  for  improved  network  performance.  Network  warfare  operators  will 
be  somewhat  reactive  to  these  technologists  and  network  administrators  as  they  modify  the 
systems  which  the  cyberspace  forces  seek  to  attack. 

Just  as  those  responsible  for  our  networks,  adversaries  are  also  going  to  consider 
modifications  which  improve  performance,  increase  security  and  offer  advanced  capabilities.  In- 
house  design  may  lead  to  some  improvements  in  the  marketplace;  however,  it  will  largely  be  the 
commercial  marketplace  which  provides  the  broader  set  of  available  options.  With  the  past  two 
decades  as  a  guide,  one  can  see  how  quickly  new  systems  or  more  capable  applications  become 
available. 

A  term  often  used  to  describe  this  rapid  pace  of  technological  innovation,  particularly  with 
respect  to  the  Internet,  is  the  “web  year.”  First  described  in  the  mid-1990s  during  the  “dot 
com”  boom,  it  describes  the  speed  at  which  new  developments  occur  in  web-based  applications. 
The  web  year  is  defined  as  that  time  period  of  discovery  and  innovation  which  roughly  equals 
the  technological  evolution  in  other,  more  traditional  development  areas  within  one  calendar 
year.  There  is  no  set  time  period  which  equates  to  a  web  year,  but  its  proponents  suggest  periods 
as  short  as  two  months  to  perhaps  as  long  as  four  months.  What  is  clear  is  that  there  are  multiple 
development  cycles  occurring  within  a  single  calendar  year. 

How  might  this  pace  of  technological  advancement  affect  network  warfare  operations?  As 
described  previously,  the  breadth  of  technological  change  is  immense  within  the  network. 

*  Search  SOA,  “Web  Year,”  http://searchsoa.techtarget.com/sDefinition/0„sid26_gci853845,00.html  (accessed  15 
December  2008). 

^  BX.com  Terminology  Reference,  “Web  Year,”  http://www.bx.com/dictionary/ecommerce/Web_year.cfm 
(accessed  15  December  2008). 
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Numerous  components,  both  hardware  and  software,  might  be  adapted  for  new  capabilities. 
Compounding  that  might  be  the  frequency  of  change.  Using  the  most  conservative  of  estimates 
of  a  web  year  equating  to  four  months,  then  there  is  potential  for  three  innovation  cycles  which 
might  be  applied  to  the  network  within  a  single  year. 

This  is  not  to  say  that  only  materiel  components  would  be  affected  by  the  pace  of 
technological  change.  Advancements  in  individual  components  or  certain  segments  of  the 
network  might  be  one  consideration,  but  so  would  the  unforeseen  applications  of  that  new 
technology.  Not  only  does  the  web  year  refer  to  the  development  of  components,  but  how  those 
different  technologies  and  applications  might  be  bundled  to  present  the  user  new  capabilities.  A 
single  calendar  year  of  development  might  see  two  or  more  unexpected  applications  which  now 
might  be  adopted  via  “commercial  off  the  shelf’  processes  by  a  potential  adversary,  providing  a 
new  pop-up  application.  Depending  on  how  that  application  or  device  might  be  employed  and 
its  importance  within  the  adversary  network,  it  may  require  network  warfare  operators  to  develop 
a  new  capability  to  target  or  exploit  it. 

Operational  Urgency  Demand 

Network  warfare  operators  will  face  significant  challenges  in  maintaining  advantage  against 
their  targeted  networks.  As  noted  earlier,  the  breadth  of  systems  and  how  those  networks  are 
employed  by  the  adversary  will  make  the  technical  challenges  to  achieving  operational  effects 
difficult.  Adding  to  this  may  be  the  adversary’s  unanticipated  modifications  to  their  network, 
either  by  upgrades  or  new  applications,  at  a  pace  difficult  for  cyberspace  forces  to  either  keep 
abreast  or  forecast. 
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As  in  any  other  warfighting  domain,  development  and  operations  within  the  cyberspaee 
medium  will  oecur  in  a  resouree  eonstrained  environment.  There  are  only  so  many  eapable 
personnel  and  funds  available,  and  a  finite  number  of  development  efforts  which  might  be 
undertaken.  This  places  increasing  importance  on  the  requirements  generation  process,  where 
senior  leadership  can  focus  the  limited  resources  available  on  the  highest  priority  items.  In  the 
area  of  cyberspace  operations,  these  priorities  will  be  guided  by  continual  assessment  of  the  most 
likely  and  most  dangerous  scenarios,  as  well  high-payoff  efforts  which  may  address  shortfalls 
and  add  capabilities  in  multiple  areas. 

With  the  nature  of  the  cyberspace  domain,  these  requirements  may  be  generated  by 
commanders  and  operators  frequently.  They  might  be  identified  through  intelligence 
assessments  of  potential  target  networks  or  the  realization  that  previously  fielded  network 
warfare  tools  are  no  longer  effective  against  the  designated  systems.  A  more  likely  and 
dangerous  scenario  may  be  the  emergent  target  set  that  pops  up  as  part  of  a  contingency 
operation  or  combat  engagement. 

Conventional  military  forces  and  their  associated  materiel  may  also  experience  these 
contingencies  and  engagements;  however,  their  combat  materiel  may  be  largely  operationally 
effective  regardless  of  the  location  of  the  fight  or  the  adversary.  Geography,  climate,  operating 
environment  and  adversary  capabilities  will  vary  with  every  operation,  and  the  deployment  of 
conventional  air,  ground  and  maritime  units  will  be  tailored  for  the  scenario.  Given  the  current 
defense  procurement  processes,  materiel  capabilities  supporting  these  units  are  intended  to 
operate  in  a  wide  variety  of  environments  and  against  a  spectrum  of  potential  adversaries  and 
threats.  Instead  of  rapid  materiel  adjustments  to  address  the  changing  operating  environments. 
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conventional  military  forces  modify  their  tactics  or  leverage  other  advantages  against  the 
adversary. 

Network  warfare  systems,  however,  operate  in  a  different  medium  of  conflict.  The 
challenges  faced  by  cyberspace  capabilities  are  defined  by  the  very  nature  of  the  environment  in 
which  they  operate.  Variations  of  technology,  adversary  systems  and  how  adversary  forces 
employ  those  networks  indicate  an  operating  environment  of  a  much  different  nature  for 
cyberspace  forces.  These  network  warfare  elements  may  find  themselves  being  tasked  to 
achieve  effects  in  networks  against  which  they  had  not  anticipated  or  had  not  yet  committed 
resources  to  develop  capabilities.  Effectively  prevented  from  accessing  or  affecting  the  network, 
operators  may  not  be  able  to  modify  their  tactics  as  conventional  military  forces  may  do. 

Once  identified  as  potential  networks  of  interest,  operators  will  begin  their  target  and 
technical  analysis.  Technical  reconnaissance  or  other  means  may  identify  vulnerabilities  or 
methods  to  affect  the  adversary  system  or  the  information  within  it.  In  turn,  emergent 
requirements  will  be  identified  to  exploit  these  newly  found  vulnerabilities  in  the  hostile 
network.  Techniques  might  be  developed  which  leverage  existing  capabilities  in  new  operating 
schemes,  but  it  is  just  as  likely  that  new  technological  developments  must  be  initiated  to  satisfy 
the  emergent  requirements. 

Battlespace  leaders  and  conventional  forces  have  long  made  use  of  the  “OODA  loop”  to 
describe  how  they  make  decisions  in  combat.  This  concept  describes  how  decision  makers 
observe,  orient,  decide  and  act  in  complex  and  dynamic  combat  environment.^*^  The  objective  of 
the  combat  leader  is  to  compress  the  OODA  loop  so  that  he  achieves  awareness  of  the 
battlespace  and  adversary  actions,  while  deciding  his  course  of  action  and  then  implementing  it 

***  Value  Based  Management,  “Information  Warfare  OODA  Loop,” 

http://www.valuebasedmanagement.net/methods_boyd_ooda_loop.html  (accessed  20  January  2009). 
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before  his  adversary  ean  do  the  same.  Cyberspaee  operations  will  also  employ  this  OODA  loop 
eoneept;  however,  the  outeome  of  the  deeision  eyele  may  foree  some  ways  ahead  that  would  be 
unlikely  in  eonventional  eombat  engagement. 

When  tasked  with  affeeting  a  network  in  an  unantieipated  operating  environment,  the 
eyberspaee  leadership  may  observe  that  new  teehnologies  or  applieations  have  been 
implemented  on  the  adversary’s  system.  Similarly,  they  may  orient  to  a  preferred  eourse  of 
aetion  that  requires  modifieation  or  a  new  development  effort  to  speeifioally  target  a  vulnerable 
node.  This  suggests  that  the  OODA  loop,  as  applied  to  the  eyberspaee  domain,  may  orient  its 
immediate  aetions  towards  teehnologieal  development  efforts  to  aehieve  operational 
effeetiveness  against  these  newly  identified  target  networks. 

The  foeused  operational  attention  to  a  speeifie  adversary,  network,  applieation  or 
information-based  target  will  likely  generate  operational  requirements  to  the  supporting  resouree 
and  aequisitions  eommunity.  This  sense  of  operational  urgeney,  both  in  breadth  and  volume, 
may  overwhelm  the  enabling  teehnologists  whieh  would  be  tasked  to  provide  a  materiel  solution 
within  a  short  delivery  eyele.  Challenging  as  that  may  be,  the  operational  eommunity  and 
eapability  developers  will  also  have  to  eontend  with  eorporate  proeesses  intended  to  oversee  the 
development  of  materiel  solutions  for  eombat  forees.  The  operational  sense  of  urgeney  to 
aequire  and  field  these  emergent  requirements  may  elash  with  the  timeframe  assoeiated  with  the 
bureaueratie  proeesses  satisfying  the  need. 
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Chapter  3 


Industrial-Era  Corporate  Processes 


It’s  not  technology.  This  is  culture.  This  is  the  imperative  to  change,  and  be 
convinced  that  the  imperative  is  real  and  will  advantage  us.  Getting  the  inertia 
going  to  get  the  system  changed  is  the  challenge  that ’s  in  front  of  us. 

—  General  James  Cartwright,  Viee  Chairman,  Joint  Chiefs  of  Staff 

To  gain  or  maintain  operational  advantage  in  network  warfare  operations,  rapid  eapability 
development,  aequisition  and  fielding  must  be  the  norm  and  not  the  exeeption  for  eyberspaee 
platforms  and  tools.  This  is  essential  to  enable  operational  eapability  against  both  emerging 
targets,  ehanging  networks  and  new  teehnologies.  However,  eurrent  Department  of  Defense  and 
Air  Foree  proeesses  do  not  support  or  enable  this  operational  neeessity.  The  eurrent 
requirements  generation  proeess,  resouree  alloeation  proeess,  and  traditional  aequisitions 
methods  do  not  effeetively  support  network  warfare  operations. 

The  development,  proeurement  and  deployment  needs  within  the  eyberspaee  domain  differ 
from  more  traditional  military  systems.  These  differenees  are  brought  about  by  the  nature  of  the 
eyberspaee  medium,  its  enabling  teehnology,  and  the  rapidity  in  whieh  teehnologieal  advanees 
may  be  generated.  Unlike  the  traditional  warfighting  domains  and  their  ability  to  affeet  their 
targets,  eyberspaee  operations  are  mueh  more  dependent  on  and  vulnerable  to  rapid  ehanges  in 
the  teehnologieal  landseape.  Just  as  operators  must  ehange  their  taeties  to  a  new  threat  or 
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changing  environment,  so  too  must  eorporate  proeesses  be  modified  when  they  are  unable  to 
effeetively  support  the  operational  requirements. 

The  eurrent  defense  planning,  programming  and  budgeting  system  traees  its  roots  to  1961 
and  then-Seeretary  of  Defense  Robert  MeNamara.  It  was  developed  with  the  intent  towards 
coordinating  resource  investment  and  capability  development  deeisions  aeross  the  Department  of 
Defense.  It  was  a  neeessary  improvement  given  the  nature  of  military  systems  proeurement  and 
development  at  the  time,  allowing  the  department  to  focus  on  an  “output  oriented,  well 
doeumented,  (and)  systematieally  aeeountable”  proeess.''  While  the  planning,  programming  and 
budgeting  proeesses  have  evolved  over  time,  its  emphasis  remains  focused  on  identifying  and 
prioritizing  operational  eapability  needs  and  alloeating  limited  resourees  to  address  those  needs. 

Requirements  generation  and  system  aequisition  proeesses  also  found  their  start  in  the  Cold 
War  era.  The  Department  of  Defense  sought  to  synehronize  weapons  development  efforts  with 
identified  warfighting  requirements,  while  also  providing  an  oversight  meehanism  to  oversee  the 
programs  whieh  had  been  initiated.  The  requirements  proeess  linked  Serviee  visions  and 
planning  regarding  future  eapabilities  with  those  warfighting  eonstructs  and  operational  needs 
identified  by  the  Department  of  Defense  and  joint  warfighting  eommands.  Similarly,  aequisition 
direetives  and  regulations  provided  a  eonsistent  business  proeess  for  military  aequisition  efforts, 
the  program  offiees  whieh  direet  them  and  the  defense  eontraetors  funded  to  build  the  eapability. 

These  eorporate  processes  have  been  frequently  eritieized  on  their  ability  to  satisfy 
operational  requirements,  while  remaining  within  eost  and  delivery  sehedule  eonstraints.  A  2008 
report  by  the  Government  Aeeountability  Offiee  found  that  eurrent  aequisition  programs  were 


*’  Carol  L.  DeCandido,  An  Evolution  of  Department  of  Defense  Planning,  Programming  and  Budgeting  System: 
From  SECDEF  McNamara  to  VCJCS  Owens,  US  Army  War  College  Strategy  Research  Project  (US  Army  War 
College,  Carlisle  Barracks,  PA,  4  June  1996). 
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delayed  on  average  over  21  months  in  “delivering  initial  eapabilities  to  the  warfighter.”  And 
despite  past  efforts  to  improve  eorporate  proeesses  within  the  Department  of  Defense,  it  appears 
as  if  they’ve  not  had  positive  effect.  This  delay  represents  a  five-month  increase  over  the 
Government  Accountability  Office’s  assessment  of  systems  delivered  in  Fiscal  Year  2000. 

Not  only  have  capability  delivery  times  increased,  so  too  have  the  costs.  The  same  report 
found  that  overall  research  and  development  costs  exceeded  their  budget  by  40%  in  Fiscal  Year 
2005  (up  from  27%  in  2000),  while  total  acquisition  costs  were  over  initial  cost  estimates  by 
26%  in  Fiscal  Year  2005  (up  from  6%  in  2000).^^  Worse  still,  the  “programs  (the  Government 
Accountability  Office)  assessed  failed  to  deliver  the  capabilities  when  promised”  and  more  than 
14%  of  acquisition  programs  were  more  than  four  years  late  in  providing  a  capability.*"^ 

Similar  statistics  for  how  cyberspace  programs  perform  in  development  and  acquisition 
processes  are  not  available;  however,  it  is  useful  to  consider  other  technology-intensive  efforts  as 
a  close  approximation.  The  Vice  Chairman  of  the  Joint  Chiefs  of  Staff,  General  James 
Cartwright,  recently  commented  that  “the  current  method  of  procurement  for  information 
technology  is  so  slow  that  by  the  time  software  systems  and  the  like  are  purchased,  they’re  out  of 
date.”*^  His  comments  were  amplified  further  by  Mr.  Robert  Carey,  the  Navy’s  chief 
information  officer.  “The  acquisition  system  is  a  challenge.  Things  are  moving  really  fast,”  said 
Mr.  Carey.  “The  acquisition  system  and  more  importantly,  the  budgeting  system,  move  at  a 
different  pace.”*^ 


US  Government  Accountability  Office,  Defense  Acquisitions:  Fundamental  Changes  are  Needed  to  Improve 
Weapon  Program  Outcomes,  Testimony  before  the  US  Senate,  GAO-08-1159T  (Washington  DC,  25  September 
2008),  2. 

Ibid,  4. 

Ibid,  2. 

Antonie  Boessenkool,  “DoD  IT  Procurement  Too  Slow:  Cartwright,”  Defense  News,  4  March  2009. 

Ibid. 
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Based  on  interviews  with  senior  leaders  within  the  Air  Foree  network  warfare  eommunity, 
there  appears  to  be  similar  eoneern  with  the  eurrent  eorporate  proeesses  and  their  suitability  for 
equipping  eyberspaee  forees.  Colonel  Bradford  Shwedo,  eommander  of  the  67*'^  Network 
Warfare  Wing,  eommented  that  development  needs  and  operational  demands  of  eyberspaee 
systems  “do  not  lend  themselves  to  being  satisfied”  by  eurrent  Department  of  Defense  and  Air 
Foree  proeesses  to  field  more  eonventional  weapon  systems.  Instead  of  making  adjustments 

within  these  proeesses,  he  finds  those  responsible  with  satisfying  the  stated  operational 

1 8 

requirements  are  “retreating  to  what’s  eomfortable  for  them.” 

Our  eurrent  eorporate  proeesses  were  developed  in  a  different  time  and  faeed  different 
ehallenges.  Certainly  there  is  a  need  for  oversight,  prioritization  sehemes  and  the  elose  linkage 
of  investments  with  the  most  important  materiel  development  and  proeurement  efforts. 
Cyberspaee  systems,  however,  may  prove  more  diffieult  to  develop  within  these  established 
proeesses.  Through  interviews  with  those  elosely  assoeiated  with  these  proeesses,  one  is  led  to 
believe  that  ehanges  should  be  made  and  allowanees  eonsidered  for  the  unique  aspeets  in 
equipping  network  warfare  forees. 

Requirements  Generation  Process 

Multiple  inputs  drive  requirements  generation  to  some  degree,  eaeh  providing  their  own 
level  of  direetion  and  fidelity  to  future  weapons  systems.  The  Serviee’s  vision  and  the  functional 
area’s  Mission  Area  Plan  provide  the  conceptual  framework  of  the  mission  area’s  contribution  to 
warfighting,  as  well  as  a  macro-level  identification  of  gross  mission  capabilities.  These 
documents  do  not  provide  sufficient  detail  to  drive  a  specific  weapon  system’s  development,  but 

Col  Bradford  Shwedeo  (67*  Network  Warfare  Wing),  interview  by  the  author,  25  February  2009. 

Ibid. 
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they  do  indicate  Service  and  major  command-level  advocacy  for  systems  that  may  satisfy  the 
Service’s  vision  and  mission  area  planning  needs. 

Mission  Needs  Statements  from  either  joint  combatant  commands  or  Air  Force  major 
commands  are  the  first  documents  that  provide  a  more  refined  level  of  detail  to  the  both  the 
functional  area  or  acquisitions  community  that  an  operational  need  exists  which  is  not  being 
satisfied  by  a  current  capability  or  development  effort.  A  more  pressing  operational  deficiency  is 
identified  through  a  Combat  Mission  Needs  Statement  or  Joint  Urgent  Operational  Need 
statement.  These  receive  the  highest  visibility  due  to  their  immediate  need  for  current  or  pending 
operations,  with  the  intent  of  delivering  the  capability  as  soon  as  feasible  to  meet  operational 
requirements.  Operational  requirements  documents  take  these  need  statements  and  provide  a 
more  detailed  level  of  operational  and  performance  requirements,  identifying  the  threshold  and 
objective  requirements  for  the  desired  capability. 

Mr.  John  Clemens,  a  defense  contractor  assigned  to  the  Air  Force’s  functional  management 
office  for  cyberspace  operations,  noted  that  a  “well-defined  requirement  is  the  true  source  of 
stagnation”  in  fielding  viable  cyberspace  capabilities,  and  that  “requirements  definition  is  the 
make-or-break  part”  in  focusing  effort  to  satisfy  the  operational  need.'^  As  is  the  case  with  other 
defense  programs,  requirements  are  developed  with  an  eye  towards  broad  application  against  a 
number  of  potential  adversaries.  This  is  done  for  perceived  cost  savings  in  having  one  system 
capable  of  satisfying  a  number  of  operational  requirements.  In  an  effort  to  achieve  operational 
capability  on  a  broader  scale,  more  immediate  and  refined  operational  needs  are  left  unsatisfied 
until  they  can  be  consolidated  and  integrated  into  other  network  warfare  development  efforts. 


John  Clemens  (Northrop  Grumman  Corporation),  interview  with  the  author,  25  February  2009. 
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This  leaves  network  warfare  leaders  and  operators  frustrated  as  they  wait  for  an  incremental 

20 

capability  delivery.  “Just  give  me  anything,”  says  Colonel  Shwedo. 

Operational  requirements  documents  are  not  typically  focused  on  a  single  adversary;  that  is, 
materiel  capabilities  are  not  tailored  for  a  single  adversary  or  a  single  combat  environment. 
Conventional  military  forces  do  not  focus  on  one  contingency,  nor  are  their  materiel  capabilities 
intended  to  satisfy  operational  requirements  in  only  one  region  or  type  of  conflict.  Cyberspace 
operations,  however,  are  required  to  do  just  that.  An  operational  requirement  to  affect  a  certain 
type  of  network  may  exist  in  multiple  regions,  but  the  application  which  achieves  the  desired 
effect  may  be  so  tailored  to  a  single  adversary  network  and  its  system  components  that  it  does 
not  have  utility  against  any  other  network,  perhaps  even  in  the  same  country  or  region. 

Similarities  exist  in  satisfying  other  non-conventional  military  force  needs.  Speaking  of 
irregular  warfare  and  stability  operations.  Secretary  of  Defense  Robert  Gates  commented  that 
“conventional  modernization  programs  seek  a  99  percent  solution  over  a  period  of  years,”  while 
more  immediate  needs  in  irregular  warfare  operations  might  be  achieved  with  a  75  percent 
solution  within  a  few  months.  The  analogy  applies  to  the  cyberspace  domain  as  well.  The 
Pareto  Principle  and  its  unintended  consequences  come  to  mind.  The  80  percent  solution  might 
be  achieved  in  20  percent  of  the  allotted  development  time,  while  the  remaining  20  percent  of 
requirements  account  for  the  remaining  80  percent  of  the  delivery  schedule.  A  requirement 
process  focusing  more  on  specific  capabilities  and  adversary  networks  would  be  more  effective 
in  fielding  operationally-relevant,  cyberspace  capabilities. 

Delivery  time  is  an  exceptionally  valued  commodity  for  network  warfare  operators. 
Typically,  we  associate  delays  in  capability  delivery  with  a  failure  of  the  acquisition  community 

Col  Bradford  Shwedeo  (67*  Network  Warfare  Wing),  interview  by  the  author,  25  February  2009. 

Robert  Gates,  “Preparing  the  Pentagon  for  a  New  Age,”  Foreign  Affairs,  January  and  February  2009. 
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to  produce  the  required  item.  Before  the  aequisition  community  can  begin  its  efforts,  however,  it 

must  have  an  identified  and  vetted  requirement.  In  this  regard,  the  mission  area  managers  and 

lead  requirements  organizations  play  an  essential  step  in  shepherding  the  requirement  through 

the  staffing  approval  proeess.  For  the  leadership  and  operators  in  the  network  warfare 

eommunity,  that  wateh  towards  the  cloek  begins  when  their  operational  delicienoy  or  mission 

22 

requirement  is  identified  to  the  staffing  elements. 

The  timelines  assoeiated  with  maero-level  doeuments  sueh  as  the  network  warfare 
eommunity’ s  mission  area  plan  approximate  a  year  in  development  and  eoordination. 
Additionally,  their  publication  is  timed  so  that  it  purposefully  leads  into  the  next  planning, 
programming  and  budgeting  proeess,  with  the  intent  to  gaining  advoeaey  for  future  funding. 
This  proeess  may  work  well  for  traditional  military  systems  that  are  developed  over  years  and 
have  operational  eapability  throughout  their  warfighting  domain,  but  it  does  not  promote  timely 
identifieation  or  investment  towards  priority  efforts  in  network  warfare  operations.  Planning 
doeuments  whieh  are  produeed  one  or  two  years  in  advanee  of  the  eapability  being  developed  do 
not  offer  suffieient  direetion  in  focus.  Further,  requirements  development  and  then  later 
eoordination  through  the  resouree  alloeation  proeess  eould  equate  to  two  or  three  years  delay 
before  researeh  work  is  applied  towards  solving  the  operational  defieieney. 

When  eonsidering  the  “web  year”  paee  at  whieh  teehnology  may  ehange  in  a  targeted 
network  and  wide  range  of  eomponents  that  may  be  affeeted,  time  between  identified  need  and 
eapability  delivery  must  be  eompressed.  Capt  Erie  Stride,  eyber  operations  aetion  offieer  within 
the  67*  Network  Warfare  Wing,  eomments  that,  “effective  eomputer  network  attack  requires 
multiple  tools  and  eapabilities  used  in  eoneert.  The  target  set  and  battlespaee  are  quite  dynamie 


Jeffrey  Faucheux  (Harris  Corporation),  interview  with  the  author,  2  February  2009. 
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and  the  needs  to  keep  up  with  ehanges  in  those  entities  are  eritieal  to  sueeess.”  If  the  proeess, 
he  says,  “prevents  timely  delivery  of  eapabilities  due  to  ineffieieneies,  then  that  will  direetly 
impact  the  mission  effectiveness  of  network  warfare  forces. The  requirements  generation 
process  must  be  shortened  so  that  the  acquisitions  community  can  focus  its  efforts  on  the  most 
urgent  needs.  Lt  Col  Fred  Baier,  program  element  monitor  for  network  warfare  systems,  agrees 
that  more  attention  must  be  put  towards  the  requirements  generation  process  to  ensure  limited 
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resources  are  allocated  to  the  most  worthwhile  and  best  defined  efforts. 

Dr.  William  Perry,  former  Secretary  of  Defense,  relayed  his  frustration  with  the 
requirements  process  in  his  efforts  to  develop  advanced  technology  programs  while  serving  as 
the  Undersecretary  of  Defense  for  Research  and  Engineering  in  the  late  1970s.  He  noted  that  to 
push  requirements  through  the  defense  bureaucracy,  there  had  to  be  constituency  supporting  the 
program.  If  that  senior  level  advocate  did  not  exist,  then  the  program  typically  was  not 
supported  within  a  military  service.  Dr.  Perry  made  this  comment  with  respect  to  his  efforts  in 
establishing  programs  for  stealth  aircraft,  advanced  intelligence  sensors  and  precision  guided 
munitions.  These  were  the  “right  choices  with  thoughtful  uses,  and  bought  smarter”  than  other 
military  procurement  programs  of  their  day.  Yet,  Dr.  Perry  still  met  resistance  from  individual 
military  services  in  pursuing  these  promising  technologies.  Their  requirements  processes  had 

not  generated  these  concepts  as  solutions  to  their  operational  needs  and  they  sought  other 
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investments  until  they  were  obligated  down  the  path  towards  more  advanced  capabilities. 

Current  processes  do  not  appear  to  support  an  abbreviated  requirements  generation  process. 
Operational  requirements  documents  are  written,  staffed  and  approved  over  such  a  long 

Capt  Eric  Stride  (67*  Network  Warfare  Wing),  interview  with  the  author,  13  March  2009. 

Ibid. 

Lt  Col  Fred  Baier  (Office  of  the  Secretary  of  the  Air  Force),  interview  with  the  author,  12  February  2009. 

Dr.  William  Perry  (former  Secretary  of  Defense),  interview  with  the  author,  2  March  2009. 
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timeframe  that  the  operational  need  may  be  obsolete  before  the  eapability  is  delivered  or  even 
more  pressing  operational  defieieneies  may  be  identified.  As  General  Cartwright  eommented,  “it 
takes  longer  to  deelare  a  new  (program)  start  than  the  lifeeyele  of  the  software  paekage”  in  the 
information  teehnology  arena.  Teehnology  intensive  systems  eondueting  network  warfare  would 

77 

find  this  to  be  true  in  their  materiel  development  as  well. 

Resource  Allocation 

It’s  often  said  in  the  Pentagon  that  a  vision  or  requirement  without  funding  is  known  as  a 
hallueination.  The  attempt  at  humor  is  sometimes  lost  on  those  that  have  not  worked  there,  but  it 
is  an  aeeurate  representation  of  how  the  Department  of  Defense  works.  There  may  be  any 
number  of  validated  requirements.  If  funding  has  not  been  established,  however,  an  aetual 
program  does  not  exist  and  development  efforts  are  not  permitted.  This  underlies  the  importanee 
of  the  resouree  alloeation  aspeet  of  eapability  development.  Should  an  operational  need  be 
identified  by  network  warfare  operators  and  suoeessfully  staffed  through  their  organizational 
ehains,  it  eannot  be  assumed  that  the  requirement  will  be  funded.  Perhaps  even  worse,  a 
requirement  might  work  its  way  through  the  resouree  alloeation  proeess  and  obtain  funding,  but 
on  a  timeline  whieh  does  not  allow  rapid  eapability  development. 

There  are  different  funding  eyeles  for  defense  spending.  In  Pentagon  terminology,  there  are 
the  “out  years”  assoeiated  with  future  year  spending  and  the  Serviee’s  Program  Objeetive 
Memorandum,  the  “budget  year”  whieh  identifies  the  next  fiseal  year’s  spending  plan,  and  the 
“exeeution  year”  whieh  defines  expenditures  within  the  eurrent  fiseal  year.  Elements  within  eaeh 
of  these  funding  proeesses  are  oeeurring  in  some  form  at  the  Pentagon  eaeh  day,  although  there 
are  partieular  periods  on  the  ealendar  in  whieh  one  may  rise  in  visibility  and  importanee.  Of 
Antonie  Boessenkool,  “DoD  IT  Procurement  Too  Slow:  Cartwright,”  Defense  News,  4  March  2009. 
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more  importance  are  the  time  horizons  these  funding  processes  have,  the  staffing  duration 
allocated  to  each  and  the  impact  on  network  warfare  operators. 

The  Program  Objective  Memorandum  is  arguably  the  most  important  of  these  funding 
processes.  It  establishes  programs  of  record  and  future  funding  to  either  satisfy  a  new 
requirement  or  sustain  an  existing  mission  capability.  As  applied  to  a  network  warfare  system, 
the  requirement  would  be  endorsed  by  the  cyberspace  operators’  major  command  and  submitted 
to  the  Air  Force  corporate  process  for  funding  consideration.  Let  us  assume  that  such  a 
requirement  is  funded.  This  resource  approval  does  not  result  in  the  immediate  expenditure  of 
dollars  towards  the  cyberspace  operators’  requirement.  Instead,  it  results  in  a  resource  funding 
wedge  at  least  two  years  in  the  future.  Given  the  nature  of  emerging  targets,  network  innovation 
and  changing  technology,  it’s  difficult  to  identify  needed  operational  requirements  in  the 
cyberspace  domain  within  the  next  six  months.  Mr.  Brown,  deputy  director  for  intelligence  and 

requirements  at  Air  Force  Materiel  Command,  concurs:  “the  (Program  Objective  Memorandum) 
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cycle  is  too  long.” 

As  noted  previously,  one  intent  behind  the  planning,  programming  and  budgeting  process  is 
to  provide  “output  oriented,  well  documented,  (and)  systematically  accountable”  process.  The 
Department  of  Defense  and  the  Service  wants  to  ensure  a  structured  and  reproducible  flow  of 
like  information  to  the  resource  allocation  process.  This  ensures  priorities  are  identified,  costs 
are  assessed  and  resources  allocated  to  the  more  worthwhile  efforts.  Because  it  is  to  be  a  well 
documented  process,  requirements  considered  for  funding  consideration  provide  similar  types  of 
information.  One  of  those  items  to  be  considered  is  technological  risk  and  the  maturity  of  the 
enabling  technology.  Just  as  it  is  difficult  to  anticipate  what  technologies  and  applications  might 
be  faced  in  the  cyberspace  domain  either  12  or  24  months  in  the  future,  it  is  also  difficult  to 
Randy  Brown  (Air  Force  Materiel  Command),  interview  with  the  author,  2  February  2009. 
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identify  what  methods  our  eyberspaee  operators  and  developers  may  take  in  affeeting  those 
future  networks.  This  unknown  level  of  threat  and  how  it  will  be  addressed  eould  work  against  a 
network  warfare  development  effort  being  recognized  as  mature  and  worthy  of  funding. 

On  more  near-term  timeframes,  the  Service  budget  is  being  developed  and  execution  year 
dollars  are  supporting  current  cyberspace  development  efforts  and  operations.  These  funding 
processes  begin  with  amounts  identified  in  earlier  Program  Objective  Memorandum  efforts. 
With  the  more  difficult  task  of  getting  out  year  funding  secured,  it  would  seem  that  budget  and 
execution  year  processes  would  pose  little  difficulties.  Unfortunately,  that  is  not  the  case. 

Programs  are  funded  to  a  top-line  level.  That  is  to  say  that  there  is  a  finite  bound  on  the 
overall  program  expenditures.  Within  that  top-line,  funding  is  specified  for  operations, 
development,  procurement  and  other  purposes.  This  nuance  and  how  those  dollars  are  overseen 
further  complicate  the  resource  allocation  and  funding  distribution  process  for  network  warfare 
operations.  Ultimately,  it  affects  the  cyberspace  community’s  ability  to  move  funding  to  pop-up 
targets,  emerging  opportunities  or  new  technologies. 

In  the  defense  community,  these  funding  lines  are  known  as  “colors  of  money.”  For 
example,  funds  provided  for  operations  and  maintenance  comprise  a  type  of  appropriation  code 
known  as  “3400.”  Research,  development  and  acquisition  efforts  are  funded  with  the  “3600” 
appropriation  code.  These  mechanisms  are  established  to  not  only  provide  accountability  to  see 
where  defense  dollars  are  being  spent,  but  also  to  provide  a  means  to  legally  ensure  they  are 
being  expended  as  directed  by  Congress.  Funded  network  warfare  programs  are  managed  just  as 
other  mission  areas  and  their  programs  are  also  funded  by  these  different  “colors  of  money.” 

Difficulty  arises,  however,  when  one  wishes  to  convert  one  appropriation  type  to  another. 
For  example,  let’s  consider  a  network  warfare  program  that  has  been  funded  at  a  level  of  $10 
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million  in  the  current  budget  year.  Half  of  that  might  committed  towards  operations  and 
maintenance  costs  (appropriation  3400),  while  the  remaining  $5  million  might  be  budgeted 
towards  research,  development  and  acquisition  efforts  (appropriation  3600).  Now  consider  a 
scenario  where  one  needs  to  invest  additional  monies  against  a  pop-up  target  or  to  leverage  a 
new  technology  to  satisfy  an  operational  need. 

The  functional  managers  within  the  network  warfare  community  simply  cannot  take  unused 
operations  and  maintenance  monies  and  allocate  them  towards  the  new  development  effort,  nor 
do  they  have  the  authority  to  take  existing  development  dollars  and  apply  them  towards  the 
potentially  lucrative  development  efforts.  Legally,  the  program  managers  are  obligated  to  spend 
those  dollars  as  they  have  been  appropriated  to  them  until  they  have  approval  from  the  corporate 
process  to  move  those  dollars  to  new  efforts. 

The  need  to  quickly  re-direct  development  efforts  is  an  operational  necessity  within  the 
network  warfare  community,  but  not  necessarily  one  within  the  development  efforts  of  other 
warfighting  domains.  Technological  opportunities  may  arise  in  other  conventional  weapons 
development  programs,  but  they  do  not  occur  with  the  frequency  and  rapidity  as  they  may  in  the 
cyberspace  domain.  For  those  outside  the  network  warfare  community,  identifying  a  new 
development  area  and  attempting  to  re-allocate  resources  may  suggest  a  program  that  is 
assuming  risk  and  not  technologically  mature.  Network  warfare  operators,  however,  see  this  as 
an  essential  method  to  leverage  “best  of  breed”  and  emerging  technology  that  may  not  have  been 
available  when  the  initial  development  solution  was  identified. 

There  does  appear  to  be  some  recognition  of  this  problem  and  steps  are  being  taken  to 
address  this  issue  within  the  functional  management  offices  overseeing  resource  investments  for 
cyberspace  operations  and  development.  Lt  Col  Baier,  tasked  with  program  oversight  for 
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cyberspace  research  and  acquisition  efforts,  eommented  that  he  has  gained  flexibility  in  moving 
investment  dollars  around  within  his  portfolio.  This  resouree  “maneuver  room,”  as  he  ealls  it,  is 
essential  in  making  sure  what  limited  dollars  the  eommunity  has  available  is  put  towards  those 
most  pressing  needs  and  promising  teehnologies. 

Development  and  Acquisition 

After  the  requirements  and  resource  alloeation  proeesses  are  eompleted,  the  development 
and  aequisition  proeess  ean  begin.  It  faees  its  ehallenges  as  well  in  fielding  effeetive  eyberspaee 
eapabilities,  just  as  other  weapons  systems  development  efforts  experienee  in  other  warfighting 
domains.  Satisfaetory  eost,  sehedule  and  performanee  are  not  neeessarily  assumed  to  result  in 
this  proeess,  as  shown  previously  in  the  findings  of  the  Government  Aceountability  Office. 
Unfortunately,  delivery  and  system  eapability  shortfalls  have  more  immediate  effeets  on  network 
warfare  operations. 

The  aequisitions  proeesses  within  the  Department  of  Defense  have  been  eritiqued  frequently 
over  the  past  decades,  with  many  finding  fault  in  their  seeming  inability  to  deliver  promised 
systems  on  a  timeline  aeeeptable  to  the  end  user,  while  also  remaining  within  budget  limitations. 
There  have  been  numerous  “blue  ribbon”  commissions  established  to  review  these  aequisition 
proeesses,  yet  all  of  these  have  been  foeused  on  aequisition  guidelines,  direetives  and  proeedures 
for  traditional  weapons  systems  development  and  proeurement.  There  has  not  yet  been  a  study 
foeused  on  how  network  warfare  systems  are  ill-served  by  a  proeess  that  beeomes  more  rigid 
with  eaeh  study. 

Lt  Col  Tamara  Sehwartz,  ehief  of  the  eyberspaee  eapabilities  integration  offiee  within  Air 
Foree  Materiel  Command,  commented  that  new  revisions  in  the  Department  of  Defense’s 
Lt  Col  Fred  Baler  (Office  of  the  Secretary  of  the  Air  Force),  interview  with  the  author,  12  February  2009. 
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primary  acquisitions  directive  “aetually  makes  the  proeess  more  onerous”  for  eyberspaee 

-5  A 

eapability  development.  Aeeording  to  Mr.  John  Young,  Under  Seeretary  of  Defense  for 
Aequisitions,  the  objeetives  of  the  new  “5000-series”  aequisition  direetive  were  “eontrolling  eost 

-5  1 

and  helping  the  Serviees  deliver  produets  on  time.”  This  was  to  be  aehieved  through  “more 
frequent  and  effeetive  program  reviews  to  assess  progress,”  as  well  as  assessments  of  their 
teehnology  readiness.  Additionally,  “ehanges  eall  for  beefed-up  testing”  of  development 
efforts. 

This  is  but  one  example  of  how  what  might  be  good  for  traditional  weapons  system 
development  is  detrimental  for  network  warfare  efforts.  Col  Shwedo,  eommander  of  the  67* 
Network  Warfare  Squadron,  noted  that  the  eulture  of  the  testing  eommunity  must  be  ehanged 
with  respeet  to  eyberspaee  eapabilities.  Traditionally,  operational  test  and  evaluation  personnel 
are  eommitted  to  testing  every  performanee  eapability  to  their  100%  satisfaetion.  This  is 
understandable,  as  it  is  their  eertifieation  and  approval  whieh  warrants  future  government 
aeeeptanee  of  the  eapability.  However,  Colonel  Shwedo  eommented  that  the  test  and  evaluation 
eommunity  are  not  suffieiently  foeused  on  the  sense  of  urgeney  in  bringing  a  eapability  “online.” 
Instead  he  believes  a  new  manner  of  testing  should  be  established  whieh  allows  a  eonfidenee 
faetor  of  the  testers,  whieh  is  then  aeeepted  or  rejeeted  by  the  operational  eommander  as  a 
eonsideration  of  risk.^"^ 

Mr.  Robert  Giesler,  vice  president  for  eyber  programs  for  a  major  defense  eontraetor, 
eoneurred  with  the  diffieulties  assoeiated  with  the  testing  proeess.  He  believes  the  approaeh 
taken  towards  eomputer  network  weapons  is  due  to  the  exeessive  promotion  of  potential 

Lt  Col  Tamara  Schwartz  (Air  Force  Materiel  Command),  interview  with  the  author,  6  March  2009. 

John  Bennett,  “New  US  Acquisition  Policy  Approved,”  Defense  News,  3  December  2008. 

Ibid. 

Col  Bradford  Shwedo  (67*  Network  Warfare  Wing),  interview  with  the  author,  25  February  2009. 

Ibid. 
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capabilities  in  their  early  development  days.  Some  in  the  eyberspaee  community  suggested 
“mass  destruction-like  effects,”  such  as  shutting  down  a  country’s  entire  electronic  grid  or 
destroying  its  telecommunications  network.  Such  statements  led  some  to  view  cyberspace 
operations  as  having  the  same  “nationwide  effects”  potential  as  nuclear  weapons,  whieh  then  led 
to  “two-key  launch”  mentalities  and  the  thought  that  Presidential  or  Seeretary  of  Defense-level 
authorization  was  needed.  “We  are  a  victim  of  our  own  hyperbole,”  with  respect  to  network 
warfare  effeets  and  it’s  “resulted  in  a  governance  structure”  such  as  that  befitting  more  potent 
systems. 

Other  frustrations  besides  testing  were  noted  by  leaders  and  subject  matter  experts  within 
the  community.  One  common  theme  was  the  inability  to  integrate  new  teehnology  as  it  was 
made  available  to  the  eommereial  seetor.  Dr.  Perry  commented  that  even  during  his  days  as 
Seeretary  of  Defense  that  many  teehnology  efforts  developed  outside  of  defense  programs  were 
far  more  advanced  than  similar  efforts  inside  the  department.  In  some  eases,  he  found  that 
military  programs  had  been  surpassed  by  what  was  eommereially  available  and  that  the  military 
systems  were  “two  generations  behind  in  terms  of  effectiveness.” 

This  reluetanee  to  adopt  new  technology,  particularly  one  that  is  software  intensive,  was 
also  mentioned  by  Mr.  Giesler.  In  his  experience  when  dealing  with  government  acquisition 
officials,  the  focus  appears  to  be  on  the  platform  and  hardware  solutions.  His  thoughts  were 
echoed  by  Lt  Col  Douglass  Coppinger,  commander  of  the  9H*  Network  Warfare  Squadron. 
Deseribing  his  relationship  with  the  aequisitions  offiees  responsible  for  satisfying  his  operational 

-5  0 

needs,  he  eites  a  mindset  whieh  “defaults  towards  a  hardware  solution.”  The  effect  in  not 

Robert  Giesler  (SAIC),  interview  with  the  author,  19  February  2009. 

Dr.  William  Perry  (former  Secretary  of  Defense),  interview  with  the  author,  2  March  2009. 

Robert  Giesler  (SAIC),  interview  with  the  author,  19  February  2009. 

Lt  Col  Doug  Coppinger  (9P*  Network  Warfare  Squadron),  interview  with  the  author,  26  February  2009. 
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adding  promising  software  solutions  is  not  only  to  lengthen  the  timeline  for  delivery,  but  also  the 
produetion  of  a  less-than-eapable  system.  “There  is  a  disconnect  between  what  is  said  (as  a 

TO 

requirement)  and  what  is  delivered  (in  acquisitions),”  said  Lt  Col  Coppinger. 

Operators  also  noted  the  time  delay  between  requirements  identification  to  an  acquisition 
effort  being  initiated.  As  mentioned  earlier  regarding  the  requirements  generation  and  resource 
allocation  processes,  the  acquisitions  community  is  somewhat  dependent  on  a  well-defined 
requirement  and  sufficient  resource  investments  being  approved  before  they  can  begin  their  own 
effort.  Still,  delays  can  and  do  occur  in  initiating  the  acquisitions  process  even  with  those 
staffing  obstacles  surmounted. 

Lt  Col  James  Lance,  deputy  commander  of  the  Air  Force’s  Network  Operations  Center, 
commented  that  the  bureaucracy  sometimes  overwhelms  even  the  best  intentions  to  provide  even 
rudimentary  capabilities  to  cyberspace  operators.  After  submitting  concept  of  operations  and 
operational  requirements  documents  for  a  network  defense  system  in  October  2007,  it  still  had 
not  been  released  as  a  “Request  for  Proposal”  to  industry  within  the  following  18  months."^*^  He 
also  mentioned  that  his  organization’s  “defense  industry  partners  had  developed  several 
promising  prototype  systems”  to  satisfy  the  requirement,  but  that  they  were  unable  to  purchase  or 
develop  the  systems  further  without  a  break  in  the  bureaucratic  staffing.  From  his  perspective, 
Lt  Col  Lance  sees  this  as  “but  one  example  of  an  inflexible  Cold  War-era  acquisition  system  not 
optimized  for  the  2L*  century  Air  Force”  or  the  cyberspace  domain."^^ 


Lt  Col  Doug  Coppinger  (9L*  Network  Warfare  Squadron),  interview  with  the  author,  26  February  2009. 

Lt  Col  James  Lance  (Air  Force  Network  Operations  Support  Center),  interview  with  the  author,  27  February 


2009. 

Ibid. 
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Chapter  4 


Potential  Alternatives  for  Success 

We  must  be  prepared  to  change  requirements  and  operating  procedures  to  agree 
with  commercial  practice  if  we  are  to  make  efficient  use  of  commercial 
technology. 

—  United  States  Air  Force  Scientific  Advisory  Board 

In  discussions  with  current  and  former  senior  leaders,  several  suggestions  were  made  as  to 
how  policies  and  processes  might  be  altered  to  address  these  challenges.  There  was  broad 
agreement  across  the  small  sampling  of  subject  matter  experts  to  which  I  spoke  that  there  must 
be  some  considerations  and  allowances  made  for  the  unique  operational  environment  in  which 
cyberspace  operations  occur  and  the  enabling  technologies  which  lead  to  operational  success. 
Without  modifications,  it  was  commonly  stated  that  our  network  warfare  capabilities  will  not  be 
as  robust,  capable  or  effective  as  needed  in  a  demanding  cyberspace  environment. 

Three  alternatives  are  identified  here  which  will  address  the  challenges  facing  cyberspace 
materiel  development.  Together,  these  alternatives  provide  a  tiered  approach  to  countering  some 
ill  effects  of  the  corporate  processes,  while  also  mitigating  both  operational  and  resource 
allocation  risk.  Additionally,  it  allows  for  a  more  responsive  presentation  of  materiel 
development  capabilities  to  counter  the  unique  challenges  of  technology  breadth,  pace  of 
innovation  and  operational  urgency. 
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Major  Force  Program-11  Authorities 

The  United  States  Speeial  Operations  Command  (USSOCOM)  has  unique  proeurement 
authorities  provided  to  it  by  law.  It  is  the  only  joint  combatant  command  which  is  provided  its 
own  procurement  funding  to  purchase  equipment  for  its  component  forces,  independent  of  that 
component’s  parent  Service.  In  all  other  joint  combatant  commands,  parent  Services  are 
identified  in  federal  statute  as  being  responsible  for  satisfying  all  materiel  and  equipment  needs 
of  their  respective  forces. 

USSOCOM’s  special  authority  is  known  as  Major  Force  Program-11  (MFP-11).  This 
authority  was  granted  by  the  United  States  Congress,  upon  recommendation  of  the  Secretary  of 
Defense  and  an  appointed  commission,  following  inquiries  into  the  failed  1979  rescue  attempt  of 
the  Americans  held  hostage  by  Iranian  revolutionaries.  This  review  assessed  the  underlying 
causes  of  the  mission’s  failure.  In  part,  the  commission  found  that  equipment  and 
interoperability  issues  contributed  to  other  unanticipated  issues  which  ultimately  prevented 
completion  of  a  successful  mission.  Additionally,  it  was  determined  that  a  joint  combatant 
command  was  required  to  coordinate  not  only  operational  components,  but  to  satisfy  the 
specialized  procurement  needs  of  those  forces. 

Given  the  nature  of  special  operations,  their  unique  operational  environments,  and  the 
potential  for  immediate  force  employment,  it  was  determined  that  the  to-be-established 
USSOCOM  required  unique  procurement  authorities.  MFP-11  allows  USSOCOM  to  acquire 
unique  equipment  for  its  forces  and  operations,  with  more  tailored  operational  requirements  than 
what  might  occur  had  their  needs  had  been  filled  by  traditional  procurement  processes  within  the 
Services.  It  also  allows  USSOCOM  to  approach  and  directly  work  with  potential  industry 
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partners  to  develop  teehnologies  and  military  eomponents  that  might  satisfy  existing  operational 
needs  or  future  operational  eoneepts. 

A  similar  proeurement  authority  for  a  joint  eyberspaee  eomponent  would  also  be 
appropriate.  With  this,  the  joint  eommand  eould  identify  its  own  unique  requirements  and  then 
work  within  an  abbreviated  and  more  tailored  proeess  whieh  speeifieally  focuses  on  network 
warfare.  Additionally,  industry  partners  and  innovators  would  have  a  more  identifiable  entry 
into  a  joint  organization  capable  of  not  only  identifying  the  requirements,  but  also  procuring 
them.  This  authority  would  also  promote  a  more  collaborative  environment  between  the  private 
sector  and  the  cyberspace  operations  community,  similar  to  that  relationship  enjoyed  by  the 
special  operations  community  and  its  private  sector  partners. 

MFP-11  authorities  for  a  joint  cyberspace  command  would  directly  address  the  unique 
challenges  facing  computer  network  operations.  The  breadth  of  technological  innovation  and  its 
potential  impacts  on  cyberspace  operations  would  be  partly  mitigated  by  the  change  in  process. 
In  working  more  directly  with  the  private  sector  and  empowered  with  its  special  procurement 
authorities,  the  joint  command  could  better  anticipate  the  deployment  of  new  technologies  which 
might  affect  targeted  or  intended  target  components.  This  may  not  prevent  technological 
surprise  on  all  adversary  networks;  however,  the  improved  awareness  may  lessen  the  time 
needed  to  orient  to  the  problem  and  enable  a  more  refined  course  of  action  to  be  developed  more 
quickly  when  those  situations  develop. 

Additionally,  MFP-11  might  help  the  joint  command  better  respond  to  the  pace  of 
technological  innovation  and  how  it  affects  their  target  networks.  Similar  to  its  ability  to  lessen 
orientation  time  to  the  problem  as  noted  above,  it  would  provide  a  more  proactive  means  to 
correct  deficiencies  resulting  from  the  rapid  employment  of  a  new  technology  or  application. 

Robert  Giesler  (SAIC),  interview  with  the  author,  19  February  2009. 
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Special  procurement  authorities  would  allow  a  more  immediate  response  from  a  cyber-focused 
command  than  would  a  similar  response  that  required  a  more  lengthy  approval  process  through 
the  Service’s  headquarters  element.  The  community  would  not  only  have  the  core  expertise  to 
recognize  the  operational  problem,  but  it  would  also  have  the  resource  means  to  invest  in  a 
solution  in  a  much  more  timely  manner. 

The  final  challenge  was  that  of  operational  urgency,  largely  resulting  from  frequent  requests 
of  operational  leaders  and  forces  encountering  unforeseen  threats  or  opportunities  in  the  current 
operating  environment.  MFP-11  would  also  be  a  helpful  tool  in  addressing  this  challenge  by 
reducing  the  time  from  recognition  of  the  problem  to  resources  being  applied  to  the  problem. 
With  these  special  authorities  would  come  the  ability  to  reprogram  monies  from  a  lesser  priority 
to  a  higher  priority,  such  as  those  identified  by  an  operational  commander.  MFP-1 1  would  allow 
the  joint  forces  commander  responsible  for  cyberspace  forces  to  redistribute  resources  within  the 
command  as  the  operational  environment  changes.  This  not  only  provides  a  more  responsive 
command  to  these  operational  urgencies,  but  also  encourages  a  continual  reassessment  of 
materiel  development  programs  and  their  relative  priority  and  potential  impact  on  operational 
capability. 

A  key  challenge  in  establishing  these  authorities  is  the  creation  of  a  joint  forces  command 
for  cyberspace  operations.  Currently,  Air  Force  network  warfare  capabilities  are  presented 
through  the  Joint  Force  Component  Commander  for  Network  Warfare,  an  organizational  element 
of  the  United  States  Strategic  Command  (USSTRATCOM).  While  it  may  be  possible  to  assign 
specified  procurement  authorities  to  USSTRATCOM  for  the  cyberspace  mission,  this  approach 
is  without  precedent.  There  are  recent  news  reports  of  the  Secretary  of  Defense  considering  a 
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joint  combatant  command  for  network  warfare  and  this  would  be  a  eritical  first  step  towards 
establishing  future  MFP-1 1  authorities. 


CYBER  SAFARI 

Another  sueeessful  approaeh  which  might  be  leveraged  by  the  eyberspace  eommunity  is  that 
of  BIG  SAFARI."^^  This  is  a  quiek  reaetion  eapability  organization  foeused  on  providing  tailored 
equipment  and  capabilities  to  Air  Foree  intelligenee  platforms.  BIG  SAFARI  is  an  Air  Foree 
Materiel  Command  unit,  loeated  within  the  Aeronautieal  Systems  Center  at  Wright-Patterson  Air 
Foree  Base.  Its  aim  is  to  rapidly  develop  new  sensors  and  systems  assoeiated  with  airborne 
intelligenee  platforms.  It  does  this  on  a  platform-eentrie  basis,  foeusing  on  ineremental 
improvements  to  a  single  aireraft  and  then  making  those  same  modifieations  throughout  the 
airborne  fleet  at  some  point  in  the  future. 

This  program  has  had  broad  and  sustained  sueeess  for  several  deeades,  enabling 
improvements  to  intelligenee  gathering  systems  to  beeome  operational  at  a  quieker  paee.  This  is 
due  to  its  ability  to  foeus  effort  towards  emerging  threats  within  the  changing  operational 
environment,  as  well  as  the  manner  in  whieh  their  deliverable  produets  are  quiekly  pushed  out  to 
an  airborne  platform  and  then  the  remainder  of  the  fleet.  The  fleet  is  modified  on  an  ineremental 
“as  ean  oeeur”  sehedule,  as  opposed  to  a  delivery  sehedule  whieh  requires  all  aireraft  be 
modified  within  the  same  timeframe.  Configuration  management  of  the  airborne  fleet  is  a 
ehallenge;  however,  the  overall  operational  eapability  of  the  fleet  improves  inerementally  over 
time. 

As  applied  to  network  warfare,  CYBER  SAFARI  eould  be  a  similar  organization.  Given  the 
nature  of  eyberspaee  operations  and  the  need  for  elose,  timely  exchanges  between  operators  and 
Randy  Brown  (Air  Force  Materiel  Command),  interview  with  the  author,  2  February  2009. 


50 


the  materiel  developers,  the  organization  would  best  be  eolloeated  with  the  operational 
eyberspaee  organizations.  It  then  eould  foeus  on  satisfying  the  emerging  operational  needs  with 
a  similar  quick  reaction  capability  as  is  displayed  by  BIG  SAFARI. 

CYBER  SAFARI  would  be  an  excellent  option  in  countering  the  effects  of  both  broad  and 
narrowly-focused  technological  changes  to  targeted  networks.  The  organization  would  not  be 
responsible  for  developing  capabilities  against  new  networks,  but  rather  making  modifications  to 
friendly  capabilities  to  ensure  operational  advantage  is  maintained  or  regained.  For  example,  an 
existing  offensive  capability  targeting  a  specific  adversary  network  may  experience  a  situation 
where  a  single  component  or  series  of  components  within  that  network  negates  or  reduces  the 
platform’s  ability  to  successfully  engage  it.  CYBER  SAFARI,  following  notification  and 
direction  by  the  operational  community,  would  focus  effort  towards  a  solution  which  enables  that 
offensive  capability  to  regain  access  and  network  maneuverability. 

This  organization  would  also  be  helpful  in  addressing  the  pace  of  technological  innovation 
on  the  targeted  networks.  Adversaries  will  integrate  new  technologies,  applications  and  bundled 
services  into  their  networks  at  different  speeds.  Some  may  consistently  be  more  aggressive  in 
modifying  their  network,  while  others  may  frequently  lag  others  in  making  modifications.  More 
likely  is  that  an  adversary  will  range  across  the  spectrum.  CYBER  SAFARI  would  allow  quick 
reaction  efforts  that  were  focused  on  one  network  to  be  more  broadly  applied  against  other 
targets  before  changes  in  those  secondary  networks  were  ever  observed.  With  the  organization 
focused  on  providing  solutions  to  identified  deficiencies  in  existing  capabilities,  CYBER 
SAFARI  will  likely  be  working  towards  solutions  that  could  then  be  exported  to  other  platforms 
targeting  other  networks.  This  would  allow  those  other  platforms  to  be  incrementally  improved, 
just  as  the  airborne  intelligence  fleet. 
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Clearly,  the  CYBER  SAFARI  eoneept  would  be  responsive  to  the  third  ehallenge  of 
operational  urgeney,  partieularly  if  the  organization  were  loeated  in  elose  proximity  to  the 
eyberspaee  operators.  Although  the  organization  may  not  have  physieal  presenee  near  all 
network  warfare  platforms  or  their  forees,  the  eoneept  would  enable  a  more  timely  dialogue 
between  the  operations  community  and  the  materiel  capability  developers.  Additionally,  the 
organization  would  allow  a  more  focused  support  effort  to  the  existing  and  employed 
capabilities.  CYBER  SAFARI,  like  its  BIG  SAFARI  model,  would  be  a  critical  improvement 
towards  quick  reaction  capability  development. 

Cyber  Warfare  Integrated  Reprogramming 

An  adaptation  of  the  Electronic  Warfare  Integrated  Reprogramming  (EWIR)  effort  would 
also  provide  improvements  to  cyberspace  systems."^"^  EWIR  is  a  program  focused  on  providing 
sensor,  intelligence  and  other  adjustments  to  fielded  electronic  warfare  systems.  These  systems 
are  not  aircraft  themselves,  but  primarily  radar  warning  receivers  and  electronic  jammers 
throughout  the  air  operations  community.  Using  intelligence  data,  collected  signals,  data 
simulation  models  and  other  techniques,  EWIR  identifies  new  threats  and  then  pushes  updates  to 
the  affected  receivers  and  jammers. 

For  example,  consider  the  instance  where  an  intelligence  platform  identifies  a  new  radar 
signal  associated  with  a  surface-to-air  missile  and  that  the  presence  of  this  signal  is  associated 
with  the  terminal  guidance  radar  for  the  missile.  The  EWIR  program  office  would  take  this 
previously  unknown  signal  and  then  identify  the  unique  parametric  data  associated  with  it.  After 
modeling  the  signal’s  characteristics  and  understanding  its  role  in  the  adversary  surface-to-air 
missile  system,  the  EWIR  office  would  publish  an  electronic  notice  of  the  new  signal  to  the  air 
Mike  Mintor  (MITRE),  interview  with  the  author,  2  March  2009. 
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operations  community.  Specialists  there  would  take  that  information  and  reprogram  their 
respective  organizations’  radar  warning  receivers  and  jammers,  allowing  their  aircraft  to  now 
have  an  awareness  of  this  new  signal  and  its  importance.  In  this  way,  the  aircraft  are  now  able  to 
sense  the  threat  and  electronic  warfare  aircraft  are  now  able  to  jam  the  associated  radar  more 
effectively. 

A  similar  model  could  be  used  for  cyberspace  operations.  A  Cyber  Warfare  Integrated 
Reprogramming  (CWIR)  office  would  perform  a  similar  purpose  in  collecting  network- 
associated  information,  modeling  that  data  to  understand  its  operational  impact,  and  then  push 
out  capability  impact  reports  to  the  cyberspace  forces.  For  example,  suppose  intelligence 
sources  indicated  a  specific  technology  change  was  to  take  place  on  a  targeted  adversary 
network.  The  CWIR  office  could  acquire  a  commercial  copy  of  the  component  to  be  changed  or 
the  technical  specifications  of  that  upgrade,  and  then  perform  its  own  assessment  of  how  the 
change  may  affect  our  known  operational  capability.  The  CWIR  office  might  make  use  of  a  test 
facility  with  a  variety  of  different  representative  networks  on  which  they  could  replicate 
modifications  to  determine  their  impact.  The  office  might  then  provide  software  updates  to 
fielded  capabilities  so  that  those  systems  were  prepared  for  the  pending  upgrade  on  the  targeted 
network.  Operational  units  could  also  review  CWIR  reports  to  determine  whether  additional 
adjustments  where  needed  in  their  tactics. 

A  CWIR  model  would  provide  an  organization  that  was  focused  on  detecting  technology 
changes  in  targeted  networks  and  then  developing  some  initial  response  for  the  community  to 
counter  it.  This  addresses  the  need  for  cyberspace  materiel  development  processes  to  be 
cognizant  and  responsive  to  the  breadth  of  potential  change  on  adversary  systems.  The  CWIR 
organization,  working  with  operator  and  intelligence  community  information,  would  be  able  to 
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compile  a  central  repository  of  these  changes  as  they  are  applied  in  networks  around  the  world. 
This  would  allow  capability  developers  and  cyberspace  operators  advance  warning  of  potential 
changes  and  remedies  to  other  problems. 

The  pace  of  technological  change  might  also  be  captured  and  tracked  by  the  CWIR 
organization.  Using  its  collected  intelligence  information  and  network  modeling  tools,  it  may  be 
able  to  develop  forecasting  methods  to  understand  how  quickly  changes  may  propagate  through 
a  representative  network  using  the  same  types  of  upgrades  or  how  likely  another  network  is  to 
employ  similar  changes.  The  most  valuable  use  of  CWIR  might  be  in  providing  a  deeper 
technical  understanding  of  how  targeted  networks  are  changing  over  time  and  whether  there  are 
certain  networks  that  are  more  agile  or  likely  to  change. 

CWIR  is  perhaps  the  most  responsive  towards  satisfying  the  operational  urgency  challenge. 
If  following  the  EWIR  model,  this  organization  would  actually  identify  potential  issues  and 
operational  shortfalls  before  the  operators  themselves  might  be  aware.  In  the  earlier  example  of 
the  new  threat  radar  system,  a  single  indication  of  a  new  signal  would  be  a  threshold  event 
requiring  an  update  to  be  pushed  to  all  radar  warning  receivers  and  electronic  warfare  jammers. 
CWIR,  if  using  a  like  example,  would  detect  a  single  change  on  a  targeted  adversary  network 
and  push  a  potential  fix  to  affected  operators.  This  would  be  a  very  proactive  means  to  support 
the  operational  community. 

There  are  challenges  in  applying  the  EWIR  model  to  the  cyberspace  domain,  one  of  which 
would  be  in  determining  the  scope  of  responsibility  of  the  CWIR  organization.  Some  solutions 
may  be  worked  in-house  with  available  skills  sets  and  resources;  however,  others  might  require 
significantly  more  effort  or  expertise  which  is  not  resident  within  it.  This  may  require  some 
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triage  function  internal  to  CWIR  which  sorts  deficiencies  to  those  that  can  be  resolved  within  the 
organization  and  those  which  require  outsourcing."^^ 


Mike  Mintor  (MITRE),  interview  with  the  author,  2  March  2009. 
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Chapter  5 


Conclusion 

Information  warfare  will  be  the  most  complex  type  of  warfare  in  the  century, 
and  it  will  decide  who  will  win  and  who  will  lose  the  war. 

—  Chang  Mengxiong,  Chinese  military  theorist 

The  Department  of  Defense  and  the  Air  Foree  are  still  developing  their  organizational 
struetures  and  operational  eoneepts  for  network  warfare.  And  they  both  are  beginning  to  plaee 
more  attention  on  the  forees  and  training  required  for  this  newest  warfighting  domain. 
Coneurrently,  they  are  developing  and  fielding  materiel  eapabilities  for  future  eyberspaee 
operations,  direeted  both  against  potential  adversaries  and  ensuring  the  seeurity  of  our  own 
networks.  As  the  network  warfare  mission  area  matures  and  data  points  are  gathered  on  how 
those  eapabilities  perform,  it  is  likely  that  some  will  identify  problems  in  the  eorporate  proeesses 
to  deliver  those  needed  platforms  and  tools. 

The  eorporate  proeesses  used  by  the  Department  of  Defense  and  the  Air  Foree  were 
developed  in  a  different  era  of  military  eapability  produetion.  These  are  industrial-era 
bureaueratie  proeesses  whieh  are  geared  towards  the  produetion  of  traditional  military  systems 
and  equipment,  partieularly  those  made  in  large  quantity.  The  proeesses  do  have  advantages  in 
identifying  highest  priority  needs,  alloeating  limited  resourees  to  those  priority  needs  and  then 
ensuring  appropriate  oversight  to  the  aequisition  of  those  eapabilities.  However,  the  operational 
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environment  of  cyberspaee  is  mueh  different  than  the  warfighting  domains  of  air,  space,  ground 
and  maritime  operations.  This  uniqueness  in  operations  minimizes  the  benefits  of  the  process, 
while  amplifying  the  negative  aspects  of  the  bureaucracy. 

Network  warfare  capabilities  are  much  more  vulnerable  to  technological  surprise.  Friendly 
networks  which  were  secure  one  day  may  be  vulnerable  tomorrow.  Similarly,  adversary 
networks  which  could  be  effectively  targeted  in  one  configuration  might  regain  their  security  in 
short  duration  due  to  a  slight  modification.  The  only  way  in  which  our  cyberspace  operations 
capabilities  maintain  or  gain  advantage  is  to  ensure  that  our  platforms  can  be  modified  quickly  to 
address  these  changes. 

The  cyberspace  domain  is  defined  by  the  technology  being  employed.  How  that  technology 
is  employed,  whether  in  hardware  or  software  elements,  and  our  ability  to  either  protect  or 
exploit  the  desired  networks  will  depend  on  our  ability  to  stay  apace  with  the  changes.  Breadth 
and  pace  of  technological  innovation  will  be  a  critical  stressor  on  our  materiel  development 
capabilities,  with  our  operators  adding  to  this  by  identifying  new  threats  or  deficiencies. 
Whatever  methods  are  used  must  consider  these  aspects. 

Offered  within  this  paper  are  three  alternatives  to  these  challenges:  special  procurement 
authorities,  a  quick  reaction  capability  organization,  and  another  organization  to  focus  on 
network  environmental  updates.  Respectively,  these  were  Major  Force  Program  11  authorities, 
CYBER  SAFARI  and  the  Cyber  Warfare  Integrated  Reprogramming  effort.  Ideally,  these  three 
alternatives  would  be  implemented  as  a  package,  enabling  unique  effects  at  different  levels  in  the 
development,  acquisition  and  procurement  of  materiel  capabilities.  It  is  my  recommendation  that 
all  three  alternatives  be  adopted. 
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